Network Security For The SMB

I want to take some time to discuss the importance and affordability of securing your company's network and data.  Most SMBs I come across are not doing enough to protect themselves against the myriad dangers threatening their organization.  Criminals are casting an ever-widening net on electronic targets; and now, more than ever, it is becoming essential that you perform some due diligence as the operator of a small organization.

Some basic stats on 2011, according to Verizon's 2012 Data Breach Investigations Report:

  1. 850 Data Breaches
  2. Financial Sectors suffered the most incidents
  3. Financial gain appears to be the main motivation
  4. Data breaches originating from external threats increased from about 80% to 92%
  5. Desktops, laptops, and point-of-sale terminals made up the bulk of compromised end-user devices
  6. 60% of incidents were detected months or years after the fact
  7. The majority of incidents had a point of origin in Europe, the Middle East, and Asia
  8. Most data breaches are avoidable

If you are like most organizations, you most likely store not only data critical to the operation of your own business, but also personal and business data belonging to other organizations and your consumers: credit card numbers, social security numbers, accounts and passwords, confidential correspondence, and medical records.  If your organization is in the financial, medical, or legal sectors, you have the added responsibility of safeguarding this information in accordance with local, state, and federal laws.

Your number one priority as the IT decision maker of an organization should be limiting the vectors of attack a would-be attacker could use to compromise your systems.  In collaboration with your outsourced IT department, it is encouraged that you consider implementing at least a basic level of security which should include:

  1. Regularly updated antivirus from a reputable vendor
  2. The most updated antivirus engine from the vendor you use
  3. Firewall (server-based or network appliance) to close all unnecessary ports
  4. Spam Filtering
  5. Complicated, unique passwords; changed on a regular basis
  6. Preventative, regular sweeps for malware
  7. Regularly updated antivirus on File Servers
  8. Secured network appliances
  9. Proper configuration and physical location of network appliances
  10. Physical security of network appliances, servers, workstations

Additionally, users should be mandated to:

  1. Securely dispose of PCs and Media
  2. Utilize agreed-upon password complexity
  3. Follow a separation of duties
  4. Attend some sort of user education and awareness training; whether it be via newsletter, or in a training seminar
  5. Report on suspicious activity

With the proper policies and procedures in place, your organization will be better prepared to perform due care and due diligence in protecting your data and your customers' data.  Considering how much benefit your organization derives from computing, the cost of implementing the most basic forms of security is relatively low.  Contact your IT provider to discuss your preparedness for a data breach.


Can My Organization Afford In-House IT?

If your company is just struggling to get off the ground, probably not.  As valuable as a well-trained staff of IT professionals can be for an SMB, an in-house IT shop may not be in the cards – or the budget.

Let's explore the development of an IT infrastructure as it relates to the maturation of the company, so that you, the Tech Decision Maker for your organization, can be better prepared to make the early leaps in IT you must make in order to move your company forward.

We can't talk about outsourcing versus insourcing without first discussing a maturity model for IT.  Most companies follow four stages of IT maturity as they develop.  These four stages are:

  1. Reactive  – The first stage of the maturity model.  Also known as the "Break-Fix" model, aptly named because "if something breaks, we need to fix it…yesterday"
  2. Proactive – The second stage of the maturity model involves some sort of managed-IT.  In this phase, resources are spent preventing issues and creating redundancies to prevent down-time
  3. Customer-Centric – The third stage of the maturity model involves the creation of multiple-levels of support.  Usually a call-center AND desktop support staff
  4. Business-Centric – The final stage of the maturity model involves the aligning of the IT Department's business goals with the goals of the organization as a whole

Many SMBs remain in the first stage of the maturity model for far too long.  This may be the result of the mindset of the organization as a whole; but more than likely, it happens because IT is more of an afterthought in the early years of the SMB.  It is the most disruptive (to workflow) and the most resource-intensive (ratio of IT dollars to organizational budget) stage of maturity.  When kept going for too long, it can cause unneeded stress to the organization as well as a bad case of indigestion to the IT person in charge of putting out fires.

Reactive IT is resource-intensive, yes; but in the formative years of the SMB, there can sometimes be no choice but to do business this way.

As your company develops, you should begin to think about ways to prevent fires from popping up.  A good way to do this without the expense of hiring an IT professional in-house is to consider a managed-IT contract with an organization that will guarantee response times and some sort of service level agreement in return for a set monthly fee.

In theory, managed IT contractors work to prevent IT issues before they appear.  Usually, the SLA will involve:

  1. Some sort of monthly maintenance
  2. Coverage for labor to repair existing systems
  3. Alerting agents installed on workstations and/or servers in order to monitor network health
  4. Guaranteed hours per month onsite and remote

In practice, managed IT contracts are very effective in three ways:

  1. Many issues are repaired before they are noticeable.  It is in the best interest of the provider to keep your systems operating in excellent condition remotely rather than having to spend time sending techs onsite.
  2. You have guaranteed levels of service.  This means that you don't see dollars slipping through your fingers as a tech works away on a system on your premises.
  3. The organization is better able to budget for the monthly cost of IT.  There are very few surprises.

Reactive versus Proactive.  At a point in the organization's maturity, proactive IT actually becomes cheaper than reactive; and it happens sooner than most organizations think.

Back to in-house IT.  If your organization has an IT budget of less than $80k/year, you may want to consider outsourcing your IT.  In most cases, it can actually be done cheaper and more effectively from the outside.

Suggestion of the day: DO NOT outsource your company's IT to the Geek Squad, if you can help it.

We will leave the talk about Customer-Centric and Business-Centric IT for another discussion on another day.


Simplified Cloud for the Layman

I heard a great definition for three types of cloud at a Symantec conference late last year.

Public Cloud – Resources you utilize via the internet which you do not own

Private Cloud – Resources you utilize via the internet which you do own

Hybrid Cloud – A mixture of the previous two clouds

The average user does not realize it, but although this buzzword is rather new, cloud technology has been in use for more than two decades.  In the days of dial-up modems and DOS, we leveraged the power of systems we did not have a direct connection to via the internet in order to get stuff done.  Early internet users were posting to bulletin boards, leasing processing time on mainframes, and searching library records.  Although connection speeds have increased, as well as the variety of resources out there we have to pull data from, the average user utilizes resources for which the backbone was laid years ago.

As a teenager in the nineties, I can remember how fast AOL, CompuServe, Prodigy, and some lesser-known ISPs were gaining acceptance in mainstream life.  This was quickly followed by the rapid growth of free email services such as Hotmail, Rocketmail, Yahoo; and search engines such as Infoseek, Yahoo, Lycos, and the like.

The landscape has changed rapidly over the years.  The smaller dogs have either gone out of business or been swallowed up by the big dogs.  Today, the big players are Microsoft, Google, AOL, Facebook, Dell, and HP.  But the game remains the same.  Home users and business pros alike need to be able to leverage emerging technologies in order to make their lives and work easier and more efficient.

The bottom line in all of this is this: Don't get overwhelmed by the cloud.  Pundits and Experts LOVE to confuse people with their brilliance.  The truth is cloud is not new, is not going anywhere, and is a really simple concept.  It is STUFF on the internet that you either own, or do not own.  Period.

Please read "A Passion For Research" blog article on Gartner Hype Cycle for Emerging Technologies 2012 [Cloud Adoption by Business]: 



SMBs and leveraging the cloud

Cloud computing is a buzzword that has gotten so watered down in overuse that it has become almost meaningless in the public discourse, so I will have to follow this article up with an article addressing different types of "clouds".

Technology is notoriously fast-moving. Blink and you get left in the dust. SMBs know this and have had to rapidly adapt in an environment that pits them against much larger organizations with limitless resources. This unforgiving environment is the internet, and the great equalizer is who is leveraging tools better to get their message out to the public.  The last few years have seen an entry point into cloud computing at a price that an SMB can finally buy into.  A convergence of various technologies has allowed this to happen, making technologies once thought to be strictly in the domain of Fortune 500 companies available to the average SMB.  Because of their smaller size, smaller companies may be better poised to leverage emerging technologies and rapidly adapt them to their workflow.  Rather than watered-down SMB versions of the products the big boys use, smaller organizations are leveraging the same servers that their larger competition is using in order to drive down startup costs.  How are they doing this?  The answer is simple – renting from a private cloud.

Take, for example, the price of an Exchange server.  For an SMB, this used to involve investment in hardware, software, and licensing to the tune of thousands – even tens of thousands – of dollars.  The price of Microsoft Office 365 varies depending on the reseller you purchase it from.  At the time of this writing, a standard P1 25GB Exchange account can be purchased directly from Microsoft for $6/user/month.  This price point, minus the need to invest in the costly equipment and servers once needed to host an Exchange server, gives the average SMB the rapid scalability and elasticity that once was the domain of the big boys.

The major benefit of cloud computing for the SMB should be obvious – it keeps the SMB out of the IT infrastructure business, freeing it to focus on what matters most – meeting the bottom line and servicing customers.

