Why is Effective Business Continuity Management Important?

Business Continuity Management

Why is Effective Business Continuity Management Important?

Business continuity management (BCM) denotes how organizations plan for and respond to risks. Mission-critical functions must continue to run after disruptions such as bad weather or hackers.

Business Continuity Management

A business continuity plan documents how your organization will continue to operate after a natural or man-made disaster, severe market conditions or sudden changes in leadership. This could be anything from a stock market crash to a hurricane to the death or dire illness of a key leader. BCPs are hot topics thanks to growing legislation and increased risks related to data security and other events. Every organization would benefit from adopting some kind of BCP framework, however modest.

What is Business Continuity Management?

Business continuity management (BCM) denotes how organizations plan for and respond to risks. Mission-critical functions must continue to run after disruptions such as bad weather or hackers. Smart planning also makes it possible for employees to return to business as usual quickly.

How Does Business Continuity Work?

The most effective way to achieve transparent, seamless risk management and disaster recovery is via a business continuity management system. This may require some outside assistance since any BCMS adopted should follow international standard ISO 22301 requirements. All businesses can begin the first phase themselves, however, by building a continuity plan that identifies and minimizes risks.

What’s the Big Deal With ISO 22301?

ISO 22301 lays out a road map for an effective BCMS and is the most credible resource for successful business continuity management. Becoming ISO 22301-certified signals to clients that your company has a game plan in case disaster strikes — certification helps clients decide that your firm is a solid investment for their business.

This certification proves to prospective clients that your organization will continue to provide the products or services they need, even if an emergency arises. It also gives you an:

  • Independent evaluation of your business continuity management, providing assurance or offering areas for improvement
  • Accredited certification with regular audits to ensure continual improvement
  • Oversight of regulatory requirements to ensure legal compliance. This could include the EU General Data Protection Regulation (GDPR) or new state and federal privacy regulations impacting customer data collection and storage.

What’s is Disaster Recovery vs. BCM?

People are often confused by the difference between these two terms. They aren’t synonyms. Business continuity deals with relocation and business functions while disaster recovery, which is a subset of business continuity, deals with the technical recovery of systems and resources.

Disaster recovery outlines how to recover technical functions, sites, operations and applications. A business continuity plan may contain many disaster recovery plans.

What Are the Key Components of a BCP?

A successful business continuity plan includes the following:

  • Succession plans for key employees
  • Identification of critical functions with priority identified
  • All employees’ contact information and role in the plan
  • Tested backup strategies

What Is Network Segmentation?

Email User On Segmented Network

What Is Network Segmentation?

Businesses that offer WiFi to their customers or have sensitive data needs should consider network segmentation as a necessary component of their IT solution.

Email User On Segmented Network

With network segmentation, your wireless services are separated into different parts, allowing you to better control access and data flow.

Network segmentation splits your wireless services into different segments or subnetworks. By establishing separate networks, you significantly reduce your company’s security risks.

Instead of putting all your corporate and guest traffic on the same WiFi network, segment the activity to keep sensitive data apart from visitors, reduce risk.

Why?

When devices are connected to the same network, by default they can “talk” to other devices on the same network. That increases the potential for devices to listen to network traffic without any rules or monitoring in place.

The risk is lower if all the devices on your network are trusted and managed by your company. However, you could have a problem when less trustworthy devices are connected, such as guest and visitor smartphones, legacy computers and servers, or employee personal devices.

How Does Network Segmentation Work?

Network segments are designed with their own hardware and only allow credentialed users to access the services. Rules are built into network configurations to determine how devices on subnetworks can connect with each other.

Network segmentation limits the impact if there is a system intrusion by containing the threat within a subnetwork.

What Does a Typical Segmented Network Look Like?

For many small- and medium-sized businesses, there is only a need for a simple, two-subnetwork structure. A corporate subnetwork would be used for company-owned and -managed devices, providing access to the internal company subnetwork and, through a firewall, to the internet.

A guest subnetwork would be built to provide access to the internet only, also through a firewall. It keeps those guest devices disconnected from the corporate subnetwork from the start. Employee-owned devices can also be connected to a guest subnetwork.

Your business, whether it’s a medical practice, retail operation, auto dealership or professional services firm, may want visitors and guests to have WiFi access. It’s an appreciated service for those who need connectivity and do not want to use up their allotted data. If that service is the expectation or norm, you want to make sure it’s done carefully.

What Are the Security Benefits of Network Segmentation?

Security is the primary reason to choose network segmentation. The benefits are considerable

  • Stronger Security Standards. Segmentation allows you to better protect your most sensitive data. With layers of separation among your segmented networks, you’re putting up additional barriers to all users — whether well-intended or not.
  • Slowed Access for Attackers. If there is a breach to one segment of your network, it will be more difficult and take more time for the attacker to reach other parts of your system.
  • Minimized Threat from Outside Devices. Outside devices may have been hacked for the sole purpose of accessing corporate networks when connected. Often hackers install programs that lie dormant until connected to a wireless network. If compromised guest devices are contained within a subnetwork, the impact is minimal.
  • Better Policy Development. Strong network segmentation means your company can better restrict user access. Using a policy of least privilege lets you limit user access to files and systems to only what’s necessary.
  • Limited Damage. Network segmentation lets you reduce any damage inflicted by successful attacks. A breach to a single device within a subnetwork will mean less time and money to repair the damage of a widespread, system-wide assault.
  • Improved Performance. An added benefit of having segmented networks are the performance gains. With fewer devices on each subnetwork, local traffic is minimized and broadcast traffic can be isolated and prioritized.

What’s Needed to Start Network Segmentation?

If your internal IT staff does not have experience with network configuration, it’s a smart move to work with a local managed services provider to complete the project. Your business should do the following in preparation for a segmentation project:

  • Identify your network and data security needs, including the sensitivity of data you use and the business impact of compromised data and system downtime
  • Know where the data you want to keep safe is stored and how they could be separated
  • Determine who needs access to information on your network and limit access to only what is necessary by department or role
  • Identify those who will be responsible for monitoring and maintaining your network. A managed IT services company can do both remotely with net-generation firewall solutions

Network segmentation is a strategic move to keep data protected and accessible only by those who need it.

How to Achieve Digital Success

Man Looking at IPad with Graph

As the business world continues to evolve, digital transformation becomes even more important for every company, regardless of the industry. However, successfully moving into the digital arena and remaining on top requires companies to make the right choices when it comes to their money and their time.

Man Looking at IPad with Graph

Below are some tips to help your company achieve ongoing digital success.

1. Create a designated budget for digital projects.

In order to become a digital success, monetary investment is always required. Carve out a section of your budget that will be dedicated to digital projects only. In general, your digital expenses should represent at least five percent of your annual expenses. However, depending on your situation, you may decide to scale this amount up or down.

2. Involve your employees.

Investing money in digital projects alone is not enough to guarantee your success. You must also involve your employees in these endeavors. Every employee on your staff should be aware of your goals with regard to digital projects, and some of your employees should be working exclusively in roles related to digital.

3. Stay on top of emerging technologies.

The digital world is always changing, with new technologies on the horizon every day. To be successful digitally, your company needs to be aware of the new technologies as they emerge so you can incorporate them into your operations when appropriate.

4. Consider digital when looking for new talent.

Bringing your current employees onboard with your digital projects can be helpful, but it isn’t enough to ensure lasting success in this arena. As digital continues to become more widespread, hiring employees who are comfortable with technology becomes even more important for every company. When looking for new talent to add to your team, make digital skills a priority.

5. Make use of data.

To improve customer experiences digitally, your company needs to invest in and utilize data. Data allows you to customize every customer’s interactions with your company so he or she can have the highest level of satisfaction possible. Data also allows you to gain valuable insights about every aspect of your business’ operations so you can identify strengths and weaknesses.

6. Seek professional assistance.

Bringing digital to your company successfully can be a challenge, especially if you aren’t an expert in this field and/or if you have many other responsibilities. If you aren’t sure how to incorporate digital into your daily operations, consider hiring a consultant or even a full-time digital team to help you make the most of your investments and your efforts.

These are just a few of the strategies you can use to make your company a digital success. Keep in mind that success rarely comes overnight, so ongoing effort will likely be required before you will see the results you desire.

Intel Humiliated by Losing CPU Market Share to Eager AMD

Intel Processors losing to EMD

Intel Processors losing to AMD

Intel Humiliated by Losing CPU Market Share to Eager AMD

Intel’s continued problems with delivering CPUs are expected to go on throughout the fall and potentially 2020. Intel’s CEO Bob Swan told shareholders during their second-quarter conference call that the delays in processor deliveries would continue until September.

The fallout benefits AMD, which increased its market share from 9.8 percent in 2018 to 18 percent by the end of June 2019.

Why is Intel having trouble shipping CPUs on time?

The culprit is Ice Lake, Intel’s high volume 10nm processor. The chipmaker announced Ice Lake at CES 2019, but the processor hasn’t been forthcoming in the volumes Intel promised. The 10nm project has slowed Intel’s other chip line production. Lower-end processors have especially suffered, leading to supply chain problems for manufacturers, retailers, and customers.

What are Intel’s problems with the 10nm CPU?

The current problems continue Intel’s struggles with 10nm chips which date back to 2013. Intel’s initial goal for 10nm CPUs was 2015. Year by year, Intel has pushed back the deadline for 10nm CPUs. Intel’s second-quarter conference call gave late 2019 as the deadline — but the real date is more likely to be 2020 for most people who want to buy PCs with the new CPU.

The bottom-line culprit is engineering choices. Intel’s 10nm design selections have consistently held mass production back on its 10nm CPU project. As problems continued, Intel responded by refining its 14nm CPU performance and production process. TSMC and Samsung have 10nm CPUs, but their performance is equivalent to Intel’s 14nm CPUs.

What is so good about increasingly tiny CPUs?

Intel and its competitors, including AMD, are continuing R & D on smaller and smaller gate-size processors. Smaller gate sizes allow more CPU cores, or they enable a smaller die for the same performance as a larger CPU.

Smaller CPUs also use less power and generate less heat, a must for mobile devices and laptops. With desktop PCs, heat and power consumption aren’t as important, so processor performance can be improved in other ways.

How have Intel’s supply problems affected its business?

Intel’s stock has increased 6% since January 2019 according to Fortune, but rival AMD’s stock has gone up 83%. Nvidia’s stock has risen 25% since January.

The supply problems are mirrored by leadership problems at “Chipzilla.” Intel’s former CEO Brian Krzanich resigned in June 2018 when a relationship with a former employee was disclosed. Krzanich’s replacement Bob Swan is credited with improving company morale and redirecting the floundering 10nm CPU team.

Has AMD taken advantage of Intel’s delays?

AMD is gaining market share with scaled-up production of 12nm circuits. The Santa Clara-based chipmaker is gaining market share from Intel with its Ryzen 14nm and 12nm CPUs. It has announced 7nm Ryzen and Rome CPUs. AMD’s year-to-year market share in desktop computers grew from 12.2% in the first quarter of 2018 to 17.1% by the first quarter of 2019. In notebooks, AMD’s share grew from 8% to 13.1 %.

AMD also expects the number of Ryzen CPU notebooks to grow significantly in 2019, with desktop units growing by 30% and notebooks by 50%. Lenovo, the world’s #2 PC manufacturer, will be using Ryzen 7 Pro 3700U chips in its upcoming ThinkPads.

Which Intel and AMD news should industry pros and investors watch in upcoming quarters?

Intel has delayed shipments of all of its CPUs, not just the promised 10nm Ice Lake and variant chips. Rivals AMD and Nvidia have taken advantage of ongoing delays to ink new deals with major companies including Lenovo.

Investors and industry pros should keep an eye on CPU market shares for the rest of 2019 and into 2020. This will indicate if the agile upstarts are going to continue to take on “Chipzilla” and change the landscape of computing power in 2020 and beyond.

What Are the Top Tips for Choosing the Best IT Company?

Two IT Company Professionals Working

Two IT Company Professionals Working

What Are the Top Tips for Choosing the Best IT Company?

Website outages, cybersecurity attacks, and any number of other IT incidents can cost your company hundreds or even thousands of dollars — every minute. For this reason alone, you need an outsourced IT company who is competent and highly qualified to handle your IT needs.

But how do you choose the best IT company?

Naturally, the IT needs of each individual business will vary. A medical practice will need IT assistance that specializes in privacy as well as cybersecurity because they’ll have a tremendous amount of sensitive data in their systems. On the other hand, your industry may require less focus on privacy and more focus on the particular type of software that you use.

Finding an IT company who specializes in your industry is the first step to locating optimal IT support.

Here are some other tips to keep in mind when choosing an IT support company for your business.

1. Look for experience.

As is always the case when you contract out services, you need to look for experience. It may be tempting to work with a brand-new, up and coming IT company in your area, but something as important as IT support warrants hiring a company who’s been in the business for at least a few years.

To establish that the IT companies you are considering have enough experience to get the job done right, ask to speak with their current or past clients. Also, ask for the list of credentials that their support staff possesses. These are the individuals you’ll be working with regularly, and you want to look for certifications and schooling in IT-related fields.

Lastly, make sure the experience that these companies have is related to your industry, specifically. We’ve already touched on this a bit, but it’s important to reiterate that it’s better to find an IT company who specializes in your industry than to find night one who claims they can “do it all.” Many IT companies specialize in healthcare IT, transport IT, or other specific industries, which means they know and understand these industries inside and out. That wants you want.

2. Choose a local company.

Some IT companies will claim they can take on your business from across the state or the nation. While this is possible, it’s unlikely you’ll get the level of quality service you actually deserve. It’s much better to go with a local IT company who you can work with directly.

In many situations, you’ll actually need IT support staff from your MSP (managed service provider) to come to your business for installations, troubleshooting, or network setups. This shouldn’t have to be a huge production. Having a local IT company available for quick service calls is a huge advantage.

3. Look for forward-thinking companies.

Not only do you want your IT company to focus on maintaining your current network and system structure, but you also want them to propel your business forward. Whether fast or slow, growing should be a primary concern for any business.

Some IT companies are more capable at scaling their services than others. Essentially, you want to find a company who will propel your business forward with their own IT ideas. They also need to have the employee-power and IT resources to scale your business up with ease and efficiency. As you expand, you don’t want to have to switch IT companies.

4. Make sure you can choose your level of service.

Again, needs vary where IT is concerned. You certainly do not want to pay for services you don’t need and won’t use. For this reason, look for an IT company who offers a range of service levels.

Most IT companies offer at least two or three levels of service. For example, they may offer an entry-level fee for simply monitoring your systems and alerting you as soon as possible if there’s a breach. If you require network setups, software installations, and other management services, you‘ll naturally want a higher level of service. Having options is the main concern here.

No matter what IT company you choose, it’s important to take your time, and do your research. Your IT company will be one of your business’s most important assets. Hire well, and you’ll reap the benefits of easier daily operations, higher returns on investment, and ultimately, more business opportunities.

Outsourcing IT Makes Sense for Small Businesses: 7 Reasons

Woman Outsourcing Technology Support

Woman Outsourcing Technology Support

If you’re a small business owner, you have plenty of things to worry about. IT shouldn’t be one of them. We think it makes complete sense for most small businesses to outsource their IT needs to a managed service provider (MSP). Here are 7 reasons.

1. Focus on What Makes You Unique

This first reason is a big one. Small businesses have limits on how many people they can hire. If you try to keep all your IT in house, you’ll devote a decent number of your hires to IT once you reach a certain size.

Here’s the problem: your business isn’t IT. (If it is, you probably don’t need this guide!) Outsourcing your IT frees up capital and office space that you can instead devote to your core business. Outsource your IT so you can better focus your staff on whatever it is that makes you unique.

2. Access More Skill

With an in-house IT team, you’re limited to whatever number of specialties you can afford to hire. Your IT team will work hard, and its members will stretch their skills and find a way to accomplish things outside their skill set. Their work won’t always be done in the best way, though. By outsourcing your IT, you gain access to a broader range of skills and certifications. You can rest easy knowing that it was done right from the get-go.

3. Do More, Faster

Related to the previous point, your IT needs will be met faster by a dedicated team of experts than by a small but well-intentioned in-house team. All that time the in-house team spends poking around looking for answers to problems that lie outside their specialties is the time you’re paying for. With an MSP you’ll usually get the right answer, right away.

4. Reduce Personnel Costs

When you hire in-house IT staff, you’re on the hook for all the associated personnel costs, like insurance, FICA, and so forth. These costs are often hidden and can be burdensome for small businesses. With an MSP, you pay a fixed monthly rate, and you don’t have to worry about administrative personnel costs. The MSP takes care of those for its employees.

5. Reduce Infrastructure Costs

Outsourcing IT to an MSP isn’t solely about reducing IT headcount and the costs associated with personnel. You can also save IT infrastructure costs by using an MSP. Service agreements vary, but some will include some or all hardware in the monthly fee. You can avoid large spikes in expenses for new equipment by choosing this kind of service agreement.

Your MSP can also move much of your IT infrastructure to the cloud, eliminating the need to house costly servers at your business. The less IT infrastructure you have on site, the less you pay to power and maintain that equipment.

6. Free Your Existing IT Team to Focus

For larger small businesses, outsourcing IT usually isn’t done with the intent of drastically reducing or eliminating IT headcount. It’s more about allowing your existing IT team to focus in and specialize.

If your IT staff has grown beyond just one or two generalists, you likely have some highly capable, highly qualified individuals on your team. Here’s a scary proposition: go ask those people how many hours a week are eaten up doing low-level IT errands like helping John in Accounting with basic computer questions or reminding Sarah from Accounts not to reply-all to emails?

Outsourcing your basic IT functions to an MSP allows your existing IT team to focus on their areas of specialization. You’re also free to assign in-house assets to IT functions that are core to your business or are proprietary.

7. Gain After Hours Support (Without Paying Overtime)

Outsourcing your IT needs to an MSP with a 24/7 service agreement means instant access to support anytime. With an in-house IT staff, you’ll end up paying overtime if a system goes down after hours. You may also have to wait for that IT staffer to physically arrive to fix the problem.

When you outsource, you get near immediate remote support, without the overtime. This is a great benefit to small businesses of all varieties and sizes. You’ll benefit even more from after-hours service if you have virtual team members or even satellite offices in far-flung time zones.

Conclusion

We’ve covered just 7 of the many reasons that outsourcing IT to a managed service provider is the right choice for small businesses. Do you have questions about specific aspects of working with an MSP? Let’s chat. We’re ready to answer.

3 Reasons to Regularly Test Business Systems

Business Computer Systems

Business Computer Systems

Protecting your business requires more time, effort and energy from your technology team than ever before. Business systems are increasingly complex, requiring staff members to continually learn and adapt to changing conditions and new threats as they emerge. It’s not unusual for a single ransomware incident to wreak havoc on carefully balanced systems, and this type of attack can be particularly damaging if you do not have the backup and disaster recovery procedures in place to regain critical operations quickly. From checking for system vulnerabilities to identifying weak points in your processes, here are some reasons why it is so important to regularly test your business systems.

1. Business System Testing Helps Find Vulnerabilities

The seismic shift in the way business systems work is still settling, making it especially challenging to find the ever-changing vulnerabilities in your systems. Cloud-based applications connect in a variety of different ways, causing additional steps for infrastructure teams as they review the data connectors and storage locations. Each of these connections is a potential point of failure and could represent a weakness where a cybercriminal could take advantage of to infiltrate your sensitive business and financial data. Regular business system testing allows your technology teams to determine where your defenses may need to be shored up. As the business continues to evolve through digital transformation, this regular testing and documentation of the results allow your teams to grow their comfort level with the interconnected nature of today’s systems — which is extremely valuable knowledge to share within the organization in the event of a system outage or failure. Experts note that system testing is being “shifted left”, or pushed earlier in the development cycle. This helps ensure that vulnerabilities are addressed before systems are fully launched, helping to protect business systems and data.

2. Business System Testing Provides Valuable Insight Into Process Improvement Needs

Business process improvement and automation are never-ending goals, as there are always new tools available that can help optimize the digital and physical operations of your business. Reviewing business systems in depth allows you to gain a higher-level understanding of the various processes that surround your business systems, allowing you to identify inefficiencies as well as processes that could leave holes in your cybersecurity net. Prioritizing these process improvements helps identify any crucial needs that can bring significant business value, too. This process of continuous improvement solidifies your business systems and hardens security over time by tightening security and allowing you to review user permissions and individual levels of authority within your business infrastructure and systems.

3. Business System Testing Allows You to Affirm Your Disaster Recovery Strategy

Your backup and disaster recovery strategy is an integral part of your business. Although you hope you never have to use it, no business is fully protected without a detailed disaster recovery plan of attack — complete with assigned accountabilities and deliverables. It’s no longer a matter of “if” your business is attacked but “when”, and your technology team must be prepared for that eventuality. Business testing allows you to review your backup and disaster recovery strategy with the parties that will be engaged to execute it, providing an opportunity for any necessary revisions or adjustments to the plans. Whether a business system outage comes from a user who is careless with a device or password, a cybercriminal manages to infiltrate your systems or your business systems are damaged in fire or flood, your IT team will be ready to bring your business back online quickly.

Regularly testing your business policies and procedures and validating your disaster recovery plan puts your organization in a safer space when it comes to overcoming an incident that impacts your ability to conduct business. The complexity of dealing with multi-cloud environments can stymie even the most hardened technology teams, and the added comfort level that is gained by regular testing helps promote ongoing learning and system familiarity for your teams. No one wants to have to rebuild your infrastructure or business systems from the ground up, but running testing procedures over time can help promote a higher level of comfort within teams and vendor partners if the unthinkable does occur.

Size Doesn’t Matter: 7 Ways Small Businesses Should Think Big

Small Business Tips

Small Business Tips

You may be a small business, but there’s no reason you have to think or act small. Today’s technology innovations offer small businesses all sorts of powerful tools that just a decade ago weren’t available or were only affordable to large firms. Technology can help small businesses think like big ones in all sorts of ways. Here are 7 ways small businesses should start thinking bigger.

1. Embrace the Cloud

There are numerous cloud-based technologies that can help your small business punch above its weight. By embracing the cloud, you can save money, improve your staff’s productivity, and expand or contract IT operations far easier than you could without the cloud.

Entrust things like email and calendar hosting, file storage, and video chat to cloud-based software and infrastructure solutions. Most small businesses will pay less for a cloud solution than they would to purchase and maintain servers and software. This is due to the economy of scale: your cloud provider is operating at a very large scale, so the cost of adding just a bit more server space is negligible. Without cloud services, your small business shoulders all the unique setup and maintenance costs all your own.

2. Improve Your Website

Sometimes the difference between a successful small business and a failing one is as simple as the quality of their website. Your website is your digital storefront, but it’s also your digital billboard, white pages, classified ad, and more. If it looks terrible or doesn’t function well, you’re sending a poor message to your customers and prospective customers.

If revamping your website is more than your business can do well in-house, consider contracting with a vendor for this crucial task. Many managed service providers offer this service or can contract with qualified vendors who do.

3. Leverage Social

Your business needs a social presence, even if it’s small. This is true of all small businesses, but the smaller your business, the more important grassroots tools like social become. Share content regularly (including photos and videos) and encourage your most loyal customers to do the same.

As your brand’s social presence grows, it’s important to keep an eye on your reputation. What are people saying publicly about you? Is there anything you need to intervene on? Social can be a great avenue to see what challenges your customers are facing.

4. Use CRM Software

Customer resource management (CRM) software is the way big businesses keep in contact with customers in an organized fashion. CRM software isn’t limited to large firms, though. Affordable cloud-based options that work well with small business are available.

5. Big Data Isn’t Everything

Big data helps big companies win, right? That’s what we’re always hearing, and there’s truth to it. That said, we’ve all seen plenty of examples of big data leading companies astray, like “targeted ads” that miss completely or hyper-local campaigns that come off as fake or out-of-touch.

As a small business, you have access to something big businesses don’t: real, interpersonal data. Call it “small data” if you like. You likely know your customers much better than large firms do. Write down the things you learn. Better, input that information into your CRM software. You have the ability to send more personal notes than your large, faceless competitors. Capitalize on this.

6. Plan to Plan

You have a business plan in place, but as you grow, does your business plan grow with you? Your small business runs the risk of losing focus as it grows. Employees and leadership get so focused on daily tasks that they don’t keep their eyes on the overall plan. In other cases the overall plan becomes outdated and less applicable. Schedule time each year to review your business plan and goals, just like the big guys do.

7. Don’t Go It Alone

Lastly and most importantly, don’t go it alone as a small business. Your business is unique, set apart by some feature, product, or ethos that your competitors don’t have. Focus as much of your energy as possible on that thing, on your core competencies. As much as possible, divest yourself from other things.

One of those other things, for most businesses, is IT. Partnering with a managed service provider (MSP) to implement and support your IT infrastructure can save you money and increase productivity. You’ll also gain access to a deeper bench of IT professionals than you could afford to keep in house. If you’re ready to explore what we can do as your MSP, contact us today.

How Much Should A Company Invest In Information Technology?

Business IT Budgets

Business IT Budgets

The rapid increase in technology use in businesses has affected every industry. Across all businesses, the need to keep up with the competition means paying attention to what technologies are available and incorporating the right tech tools as they become viable. Whatever your business, you know that you need to invest in information technology to excel in your industry. But how much should you invest, exactly? To determine your IT budget, you need to look carefully at your industry, your business goals and most importantly, what you can reasonably expect information technology to do for you on your path towards those goals.

Putting Technology Investment in Context

Depending on what stats you read, it appears that businesses spend anywhere from 3% to 6% of their budget on IT. The average spend on tech is expected to go up in the coming years, but no one is quite sure how much it will increase. It makes sense to expect an increase, of course, given the drastic increase in tech adoption across all facets of daily life and business. But the amount of increase is hard to be certain of because no one is sure exactly what the future holds.

What is clear is that an IT budget is necessary for building and maintaining a business. However, the size of that budget can vary considerably depending on the business and the industry that business is part of. In a study conducted by Deloitte, it was found that banking and securities spent 7.16% of their budget on IT—the most of any industry—while construction spent the least at 1.51%. Other industries spent somewhere in between. Such a large difference in spending is indicative of a spectrum of need for IT that differs significantly depending on the business. Those differences make it impossible to define a one-size-fits-all budget percentage for IT for all businesses. There are simply too many variables to consider.

How to Determine How Much Your Company Should Spend on IT

Guidelines on how to determine your own IT budget can be much more useful than a blanket statement about how much you should spend. By knowing what questions to ask, you can get the answers you need to form your own ideas about what your company needs as far as IT goes.

Some questions you can ask include:

Do we need an IT budget?

The answer to this is an obvious “YES”, but it is worth coming up with your own reasons for having a budget to begin with. The closer you look at your circumstances, the more apparent it will be that IT is simply a part of doing business and an area that you will always have to navigate as a company. And it is not enough to put off IT decisions until you make a split-second purchasing decision financed by extra cash you have lying around—not if you want IT to generate reliable results. For long-term success, you need a specific budget.

What is the budget for?

IT investments should serve to further your business objectives. Pulling a random number out of the air is not going to achieve optimal outcomes. The budget should be set to ensure that you can use the technology you need to achieve the outcomes you desire. Of course, to answer this question, you may need to clarify your business objectives and your IT needs. The CIO, CMO and other business leaders can work together to set guidelines for what needs to be accomplished and the budget can be built from there.

Are we spending more just because?

Knowing that business spending on IT is increasing in many industries is useful, but just because others are doing it does not mean that you need to do it. Increasing spending on IT is not enough on its own to improve your business. That increased spending needs to have a purpose. Maybe you are upgrading important infrastructure. Or, perhaps you know of a new tech tool that is virtually guaranteed to make you more competitive. Just make sure that an increased budget has a purpose.

Is the budget based on current economic conditions?

Some businesses are still stuck in a recession mindset. They try to avoid any extra spending because they think it is a necessity for survival. But if the economy has picked up, it is vital to take advantage of increased revenue to bolster your technology while you can. The better you equip your company to move into the new age now, while you have the resources, the more capable your company will be of weathering any storms to come.

The reality of IT budgets is that they need to be customized to the business using them. Fortunately, the process of determining the IT budget can greatly improve your company’s understanding of where it is, where it is going and how technology will help it get there.

How to Cyber Secure Your Company in 60 Minutes or Less

Cyber Security

Cyber Security

In today’s digital economy, cybersecurity is just as important as traditional, physical security. Many small businesses that wouldn’t dream of leaving their stores or offices unlocked and unguarded give little time or effort to a cybersecurity strategy. That’s in spite of 2018 research from Hiscox revealing that nearly half of small businesses suffered a cyber attack in the year prior to the study. Clearly, the notion that hackers won’t bother with the “little guy” is mistaken.

Other reasons that small businesses ignore cybersecurity include lack of resources and understanding. Physical security can be felt and seen. Locked doors, security cameras, and security guards are visible deterrent features.

Cybersecurity is different. It’s mostly invisible, and your average user won’t notice it. That said, cybersecurity isn’t as difficult to implement as some imagine. Here is how to cyber secure your company in 60 minutes or less.

1. Audit Your Existing Cybersecurity Measures

If your company has any cybersecurity measures in place, the first step is to review these. Look for holes or vulnerabilities in your plan. Review your internal IT policies, looking for weaknesses that a disgruntled employee or even a bad actor could exploit.

If no one in your company is in a position to perform this audit, or if you aren’t sure whether you have any cybersecurity measures in place, you need to bring in a consultant to perform this task. If you’re working with a managed service provider (MSP) already, check to see whether cybersecurity is a service they offer.

2. Train Staff on Phishing Techniques and Other Email Scams

Remember that notion that master hackers probably aren’t interested in coming after your small business because you’re the little guy? There’s actually an element of truth there. The likelihood of some shadowy group of elite European hackers employing TV-show-level hacking skills to break into your computer systems is pretty low.

That doesn’t mean you’re safe from all cybersecurity threats, though. Most of the time, hackers will get into your system by phishing.

Phishing Explained

Phishing schemes can take on a number of forms. Generally, they involve a realistic-looking email that’s made to look like it comes from a trusted organization (say, Microsoft) or from a trusted and important individual (say, your CEO or another executive).

Organization-based (or credential-based) phishing campaigns may include a link to a convincing but fake login page. Users enter their credentials, which go straight to the hackers who set up the scheme. Those hackers now have credentials necessary to log onto your company’s systems.

Personality-based phishing campaigns usually involve some social engineering. The “CEO” tries to convince a low-level user to do something that’s a breach in policy, and the user complies, hoping to impress the CEO. Instead, he or she gives away the store.

Training Is Key

Phishing schemes are not that complicated, and most users can identify them easily with even 60 minutes or less of training. Invest in this training to keep your business safer.

3. Set up Two-Factor Authentication

Two-factor authentication (2FA) is an added layer of security that can be enabled on many types of accounts. With 2FA, users enter their username and password as normal, but there’s an additional step. Users will also need to enter a randomly generated code (usually sent via text message). 2FA should be enabled wherever possible in your organization. Taking this step alone will cripple most credential-based phishing attacks.

4. Review and Strengthen Your Password Policy

Lastly, set up a password policy that forces users to create complex passwords and change them regularly. You’ll reduce your exposure to threats of stolen credentials and thus tighten up your cybersecurity strategy.

Conclusion

These 4 steps can help you improve your organization’s cybersecurity, but they aren’t a comprehensive strategy. We can work with you to form a cybersecurity strategy that’s comprehensive and customized to your business. Are you ready? Contact us today.