There seems to be a viral trend on Facebook in which posts ask questions such as the following:
- What’s your favorite color?
- What’s your first pet’s name?
- What was your high school mascot?
Hate to rain on your parade, but think about this: what security questions have you answered to secure your online bank or credit card account? The same ones? Congratulations, you have now published – forever – the keys to your privacy.
It’s time to stop thinking about privacy as some sort of paranoid or “out-there” idea. EVERYONE needs to be more private.
Many databases (especially on Facebook, you’ve taken the red pill) track your online habits. If you visit your bank or credit card site, Facebook knows, then matches up ads with your browsing habits. Now consider this: those databases can be hacked (and probably frequently are), AND you’ve published the answers to the security questions on Facebook for everyone to see.
The security questions that websites ask for should be guarded just like passwords.
As a managed service provider, or MSP, one of the things we do at Kirkham Systems is to become an organization’s “Virtual Chief Information Officer” or vCIO.
vCIOs are not the company’s IT fix-it guy or help desk, although we also do that (as part of the vCIO role). Instead, the vCIO will take time to understand your company’s objectives, and create and implement systems to serve those objectives, the same as an on-staff CIO would.
Some of these things are:
- Security Management
- Disaster Recovery and Backup Systems
- Researching new technologies
Security Management
Perhaps one of the most important things for businesses of all sizes. Not only do you want to keep your company’s information private and secure, you also want to keep your customers’ information secure.
This is not as simple as just buying an anti-virus product and remembering to update the licensing annually. World-class security means implementing a good firewall, creating secure workstations, and using security-first password techniques, among numerous other current and evolving techniques, to stay on the front line of security threats.
Today, one of the biggest threats to small businesses is ransomware such as Cryptolocker. This threat is constantly evolving, and good security will prevent it 99% of the time, but just in case, make sure your data is strategically backed up, which brings us to…
Disaster Recovery and Backup Systems
These are two very different, but related things. An indivisible marriage of unique and equal parts. With backups, it is important to identify what data the company has that needs to be protected. The simplest way to think about it is to ask what information is being created each and every day in your business. Transactions, time tracking, and production data all fall into this category. It is also easy to overlook emails, marketing materials, and other things that don’t seem as mission critical, but with the cost of backup storage being so low these days, why not protect those as well? After all, the value of the time that went into creating those documents is high.
Disaster Recovery is a bit of a different animal. Instead of thinking of “just” the information, disaster recovery is about preparing for an IT crisis, like a server going down, or even a catastrophic facility loss. It starts with the server(s) itself. A company that respects its IT investment will use top-quality server equipment from the best vendors. The servers themselves are designed to be fault-tolerant, able to continue running if a power supply goes bad, or a hard drive fails. Sometimes there are redundant and/or load-balanced servers to protect against traffic surges and entire server failures.
But you also have to think about what happens if a thief simply breaks in overnight and steals all of the servers in your business. Or if there is a fire or flood, or a natural disaster that keeps you from the office for over a week. Sure, you may have the data backed up offsite, but what about being able to actually use the data? How and where are you going to get QuickBooks installed and running? How long can your business operate with a catastrophic failure?
Planning for disaster recovery is a function of time and money. It is possible to prevent practically any downtime by using load-balanced servers distributed all over the world. (Of course, this assumes that your company’s internet connection is reliable and redundant as well.) This is what Google and other companies do. This is also very expensive, but they don’t go down. A vCIO will understand and quantify the impact of a server loss on the company and implement a system that will balance cost constraints with maintaining the company’s operations. Which brings us to this…
Everyone likes predictable costs, and IT should not be treated as something to deal with when it breaks. Workstations and servers are cheap these days – but cheaper doesn’t always mean better. Shrinking that line item won’t necessarily help other parts of your business soar. In fact, it may slow you down.
The loss of productivity from slow or intermittent failures is the real cost factor. vCIOs know that workstations, servers and other equipment fail or become inefficient at a certain point in time, and will plan accordingly. We determine the right formula for your business, setup and team. That’s not just for FY 2016 – that is for the road ahead. As a vCIO, we build budgets that reflect growth and the road ahead. You’re not going to be in business for one year, you’re going to be in business for many, many years. Our budgets reflect that. The same way we budget for our own company.
For example, for a typical company with 20 workstations and 2 servers, I would start with budgeting for 5 workstations a year, and a new server every 5 years. This is highly variable for individual companies, because some computer users may bill at $300 an hour, and others may cost the company $20 an hour in salary, so generally, the more revenue a person generates or the more expensive the person is, the more frequently the workstation should be changed (I buy a new laptop every year :)). Many other factors should be considered, but that is what a vCIO does, as well as constantly working on improving the company’s efficiencies by…
Researching new technologies
A CIO that does not continually stay up-to-date with new technologies will not be a CIO for long. I don’t think there is another industry that requires as much daily education as information technology. I spend 20 hours a week – give or take – just reading technology blogs and papers. Not to mention how much time our entire team spends learning about and refining their craft.
And it is not all about finding a new technology and deploying it. It is important to understand the difference between “leading edge” and “bleeding edge” technology. Every single piece of technology, whether it is hardware or software, needs to be carefully analyzed before purchase to understand its risks and rewards. A promising technology that will revolutionize your company might be worth taking a risk on the bleeding edge side, but an upgrade to your accounting software most certainly would not – you need that to just work.