Facebook-f Twitter Linkedin-in

network

The Modern Office and Business Continuity

by

What you need to know to protect your company

The modern office requires that all components of your business environment work together harmoniously to ensure the best use of your IT infrastructure and seamless scalability as your business grows. One of the major components of the modern office is business continuity. This is an imperative piece of a solid IT plan for every company regardless of size or industry.

Business Continuity                 

When IT professionals discuss business continuity, they are generally referring to a proactive approach of having the right processes and procedures in place to ensure mission-critical functions continue to work properly in the face of a disaster or while a business is recovering from one. When it comes to business, there are many moving parts that still need to continue operating smoothly whether your company experiences a devastating fire or a nasty data breach.

The IT and business statistics are shocking. In the last five years, one in three organizations were hit by a virus or malware attack, according to DataCore, and more than half of companies (54%) experienced downtime that lasted more than eight hours. That’s a full day of work lost! While DataCore shows only 35 percent of outages are caused by natural disasters, 45 percent of outages are operational and another 19 percent are due to human error. These site outages can cost businesses thousands of dollars in lost revenue and restoration costs for every incident. Gartner, Inc., a global research and advisory firm, estimates that only 35 percent of small and medium businesses (SMBs) have a comprehensive business continuity plan and the financial loss for every hour of downtime can reach into the thousands even for SMBs.

Business continuity requires comprehensive planning before tragedy strikes an organization to allow them to overcome long-term challenges that would otherwise stop them in their tracks. With prior planning, business continuity ensures your entire business returns to full functionality as fast as possible following a crisis. That means everything from vital employee records and payroll to stored data access and email.

Think Cybersecurity

One of the first steps in a complete cybersecurity plan is business continuity. To start, you’ll want to ensure your business employs the best technology to combat the latest threats from ransomware and malware to other types of breaches. This means updating protections such as antivirus and firewalls, using multifactor authentication, and engaging your employees in ongoing, meaningful cybersecurity training.

Cybersecurity plans, which are typically handled internally by the chief information security officer (CISO) in larger businesses, should be designed as a living document that can expand and adjust when necessary to meet the changing needs of your business. Small to medium enterprises often don’t have a dedicated CISO so they can outsource this responsibility to organizations like ORAM Corporate Advisors.

Written Information Security Plan

As part of your business continuity plan, you’ll need a written information security plan (WISP), which also happens to be a requirement of many regulatory bodies, especially for businesses who contract or subcontract with the government and financial institutions. While government regulations vary from state to state and with the federal government, in Massachusetts this written document should contain, “certain minimum administrative, technical, and physical safeguards to protect” personal information such as names, driver’s license numbers, social security numbers, and financial account numbers. You’ll need to check with both your state and federal government to determine which regulations impact you as well as any industry-specific regulations. This is another place a CISO or third-party IT vendor can help.

Your WISP should designate an individual responsible for maintaining your IT program. This may be a business owner, CISO, or even a trusted advisor such as ORAM. It will also need to identify any reasonably foreseeable data security risks as well as protect and restrict access to electronic data that may include personal information for your employees and/or clients. This plan should also outline the oversight of third-party service providers and ensure those providers comply with local, state, federal, and industry regulations as well.

Because your business and its processes, risks, and procedures are unique, your WISP will be very specific to your organization. It cannot effectively protect you from culpability in the event of a breach or loss if it doesn’t address the particular risks of your company or if it includes practices that have not been put into practice in your business. Through coordination with your IT team and/or third-party IT vendor, you will need to identify “reasonably foreseeable risks” to ensure your WISP includes the practices your business adheres to.

In addition to IT functionality, your WISP will also address the non-technical operations that will still need to work in a disaster situation to keep your business moving forward. For example, it might address the accounting measures you have in place to keep employees and bills paid and clients invoiced if the worse should happen.

What Crisis Looks Like

Stolen laptops, lost cell phones, and an employee clicking on a phishing email that infects your entire network. These are all crisis that can and often do occur in the business world. Think of all the critical information that can be lost, stolen, or even held ransom. What do you do and who do you talk to? This is where planning ahead and having a WISP helps. It will outline how to respond to a variety of incidents.

Lost your company cell? Your WISP will inform you of who to call to wipe the lost phone and deactivate it before serious damage can be done. Did your organization experience a data breach? Your WISP will have identified a data backup plan so that nothing is completely lost. Has a virus made accessing email impossible? Your WISP will have determined if your email is stored locally, in the cloud, or both to decide how to get it up and running again fast. This thinking ahead with recommendations by your IT team or third-party vendor will help ensure you have continued access to business email which is the lifeblood of most commerce today.

Recovering from Incidents

One of the best things your WISP will do is outline policies and procedures for how to react and recover in a crisis situations. Regardless of the disaster that strikes, your WISP will point you to who to contact and how to react. Part of your WISP will address incident response and crisis management to minimize the impact when things do go awry, as they inevitably do.

Incident response and crisis management involves having the ability to maintain critical business functions during a disaster scenario. It also encompasses having plans in place for a rapid recovery from catastrophic incidents. If your business were to experience a flood, fire, or data breach today, would it be able to recover quickly and efficiently? Business continuity is all about having a plan in place that expects the unexpected and is prepared to handle it.

When it comes to IT and business continuity, the big question is, “How do you operate tomorrow?” If you don’t know the answer, it’s time to get a plan in place starting with an evaluation of the foreseeable risks your organization may face and a WISP to address them. Think of it as an insurance plan that also helps your business with regulatory compliance. When disaster strikes, your business’s IT team, CISO, or third-party IT vendor should have already given you advice. Hopefully, you have followed it. Then you know who you can call when things go wrong so they can tell you how to react to keep your business moving full-steam ahead.

If your company or organization needs assistance with risk assessment, developing a WISP, and planning for business continuity, call the trusted advisors at ORAM today at (617) 933-5060 or visit us online. Our experienced professionals are here to help and we are dedicated to partnering with small businesses to assist them in achieving success.

Budgeting for Technology in the New Year

by

How to squeeze the most out of your IT and save your business money

With the New Year in full swing you’re probably preparing to implement your updated information technology (IT) plan. As a business owner or leader, you probably have many questions such as, “How much should my business budget?” You may also be wondering if you’re making the most of the IT you already have in place. In this blog, we break down what every business should be budgeting at the very least as well steps for ensuring your business has the technology it needs and that your network is as secure as possible.

Cloud Computing
If your business has not yet migrated to the cloud for your email and other services, now is the time to do so. There are several reasons it is best for businesses to move to the cloud. From saving money to better data security, cloud computing offers a ton of benefits to modern businesses.

To begin, establishing and maintaining your own data storage is expensive. Not only do you need to purchase the right hardware and software, but you have to hire people to install it and set it up. Cloud computing allows you to pay for just the services you use and can reduce your IT costs. It is so affordable that is was estimated in research by McAfee that nearly one-third of worldwide enterprises would be using software-as-a-service (SaaS) by the end of 2018. Cloud providers typically charge based on the features you choose, storage used, and number of users. Most also charge for time and memory space. This means you get to select the package that best suits your IT budget.

Cloud computing also allows you both flexibility and scalability. Cloud computing lets your employees work from anywhere they have internet access through virtualization. Giving employees the option to work remotely means you can cut the number of workspaces at the office further reducing your costs. In addition, scaling Cloud computing services is a cinch. You don’t have to spend a ton of money on new servers, storage, and licenses as your business grows. With the cloud, you just sign up for additional storage space or features as your business needs them.

If you store your own data, a breach or disaster such as a fire could devastate your business’s valuable information. With the cloud, your data will always be available as long as users have internet access. Many businesses use the cloud specifically for backup and disaster recovery for this very reason.

Data security is also a top priority in this day and age of hacks, breaches, and ransomware. Email is the lifeblood of most businesses to ensuring it is secure should be a top priority. Storing data and using email on the cloud is often more secure than storing it or hosting on physical servers and data centers in your office. Laptops and desktops can be stolen as can other hardware. Data on the cloud can be deleted remotely or moved to a different account and hackers face a greater challenge in breaching cloud platforms so your data is simply more secure. As a matter of fact, 85 percent of enterprises keep sensitive data in the cloud according to Vormetric.

Finally, cloud computing is one of the most effective ways to promote collaboration and it gives you a wide variety of service options to choose from. Your employees will be able to easily share data, collaborate on projects, and provide updates in real time from the field. Time wasted on repetitive tasks such as data entry are no longer an issue and you get to choose the services your business really needs whether it is abundant storage or software from a wide range of providers.

Leveraging Your Existing IT
Hardware and software can be hugely expensive investments for many businesses. Your business needs to get the most out of every bit of IT it has invested in. For example, you may already be using Office 365 for email but is your business using it for file sharing or collaboration between teams? A network assessment and IT audit can tell you where you have room for improvement, opportunities for growth, and options for cost savings.

A study by Bank of America in 2017 revealed small business owners found the greatest barrier to achieving a balance between work and their personal life involved administrative tasks. Perhaps you have software that can help you automate administrative tasks to help your business free up time. For example, Intuit’s QuickBooks Self-Employed software has an expense management system built right into it. An independent IT auditor can show you how to best use what you already have to meet your organization’s needs without spending more money unnecessarily.

Hardware Replacement
Most businesses cannot afford to replace their desktops and laptops all at once. This is especially true when the average lifespan of a desktop today is between three and five years according to a piece by Chron, an online news source.

“Of course, this number is just a generalization and a number of factors play into lifespan, ranging from the computer’s quality, care, and room for upgrades,” according to the blog, “What is the Life Span of the Average PC?” “For small business owners, every new computer is an expense and an investment, one whose worth over time largely depends on how you use it and care for it.”

Laptops are also a typical expense for most businesses. According to a blog by TechGuided, the lifespan of a laptop will depend on the quality of the product you purchase, how often it is used, and how it is maintained. “A mid-range laptop should probably last around four to five years, though, give or take a year or two depending on how you use it,” advises the piece.

To make such updating of your IT more affordable, we recommend making replacements in quarterly cycles rather than all at once. Your IT personnel or your IT auditor can make recommendations as to which hardware needs to be replaced immediately, which can hold off for a few months, and which pieces still have a good life ahead of them. Based on these recommendations, you can schedule a plan for cycling out old hardware each quarter on a regular basis. This serves to level out your IT spending rather than investing a ton of money all at once.

According to an article by Business.org, businesses should “expect to pay between $400 for a basic model with limited storage space to $3,500 for a top of the line desktop with a large hard drive. Desktops also range in price based on operating system as well. For example, models that run Windows may be less expensive than Apple models. Apple desktops vary in cost from $1,500-$3,500, depending on which features you need.”

The same piece also stated that laptops “range from $300 for the most basic models to $3,000 for high-speed models with large storage capacity. Similar to desktops, laptops also vary in cost depending on which operating system you prefer. Apple laptops tend to fall towards the middle of the price scale, ranging in cost from $1,000 to $2,500. Laptops that run Windows have a wider price range, and cost depends mostly on features and brand.”

The Latest Software
In addition to hardware, businesses will also need to consider the software they are using. When you purchase software, it is licensed to your business and may have an end date to your user agreement. Additionally, software changes over time and there may be upgrades that could benefit your company or even new software that is better than what you have.

This is where the IT audit can once again assist your business with saving money. Your IT auditor can evaluate your existing needs versus the software you have in place. They can determine if you have the latest software or if the software you have simply needs to be patched or updated. A real IT expert can educate you about software to help you achieve your business goals while saving you money. Based on their recommendations, you can choose to either use what you already have or purchase better software to save your business money over the long term.

Email Security
As we mentioned before, email is as critical to business continuity as breathing is to life. That means you need to have quality security for your email. Software such as Microsoft Office 365 and other programs can scan for threats, identify phishing attempts, and filter spam. Programs such as Mimecast offer many of the same advantages and can also aid employees when it comes to identifying websites as safe or unsafe to visit based on URL reputation. Anti-virus, anti-spam, and firewall software are also good to include in your IT plan.

The cost of software will vary by brand and product. For example, a one-year subscription to Office 365 Unlimited Professional is just $99.00 online. That cost covers up to five desktops, five tablets, and five mobile devices such as smartphones. There are also monthly subscriptions to Office 365 Business for as little as $8.25 a month. What you spend will ultimately depend on what software you purchase or subscribe to, how many devices you need to cover, and for what length of time.

Technology Awareness Program
All of the hardware and software in the world won’t protect your business if your employees are not technology savvy. Any IT expert will tell you that regularly-scheduled, ongoing employee education is the cornerstone of securing your business data. This is something that every business should budget for because it’s your employees that can make or break your business.

The cost of security awareness and end-user training will, again, vary from business to business. This is because most companies that handle Technology Awareness Training programs, such as Oram Corporate Advisors, base their rate on how many people are being trained, how in depth the training will be, and how frequently you host trainings. Ideally though, businesses should train every new employee as part of their onboarding process with all-staff training every six months to keep employees updated on the latest threats and how to avoid or combat them. This investment in training will pay off in dividends as each employee becomes more aware of the threats they face and their role in protecting your business.

At the end of the day, how much your business should budget for technology this year will depend on a variety of factors from how you store your data to what hardware and software you have as well as your business goals. If you would like more information about IT asset management, network assessments and IT auditing, or other IT support services, please contact Oram at (617) 933-5060 or visit us online. We can even schedule a free technology assessment to get your business started off on the right foot in 2019.

Technology Assessments: What they are and why every business needs them

by

Technoology Assessments

Information technology, or IT as it is known in most modern business settings, can be a challenge for small to medium business owners. Whether your business may have its own IT expert in-house or be too small to employ its own, your organization uses IT every day. Government regulations change regularly and growth means IT needs to adapt, too. Additionally, the world of technology is always experiencing new development.

That’s where technology assessments come in. Every business should undertake an annual technology assessment to ensure its IT needs are being met. Here’s a look at what technology assessments are, the purpose behind them, and what types of things they evaluate.

Technology Assessments
Every organization uses technology. Whether your business is using the internet for ecommerce, your non-profit is building a new business website, or your company is sending and receiving emails, you and your employees utilize IT. As your business grows, the complexity of your IT does as well. This can be a challenge for small to medium businesses, however, as they often don’t have the budget to hire a full-time employee to handle such matters. Even if you do have IT staff on hand, they may be so busy that a third-party such as ORAM may be the key to getting your annual IT assessment done quickly and efficiently.

This is where an independent technology assessment comes in. Such assessments evaluate multiple aspects of your existing IT to determine if what you have is effective enough to cover your growing organizational needs and, if not, what changes need to be implemented. Just as you should see your doctor every year for a full physical, your company also requires an annual IT checkup.

The Purpose of IT Assessments
The costs of IT are rising every year, the complexity of IT planning is becoming increasingly difficult, and regulatory compliance is beginning to overwhelm organizational leaders. An annual technology assessment can tell you what your company currently has in terms of IT to overcome these obstacles versus what it really needs to achieve your technology and business goals.

An IT assessment should cover several aspects of your business technology including:

• Strategically evaluating whether your IT infrastructure is ready to grow with your business.
• Identifying areas of opportunity to improve your business processes and reduce your IT costs.
• Pinpointing any “red flag” areas that require deeper analysis and adjustments.
• Prioritizing your IT investments to reflect your business strategy.

What They Do
Information technology assessments examine your existing IT infrastructure and business goals such as growth. Through this audit of your business’s current systems and processes, it can be determined if they are effective at meeting your organizational goals.

For example, if you operate a law firm that wishes to grow by 10 percent each year for the next five years, your IT must be able to adapt to the changing needs of your law firm. In addition, you are bound by several governmental regulations such as the protection of your client’s personally identifiable information (PII). This means you must have achieved a certain level of security to meet those requirements with your IT.

An annual assessment can determine if the IT your business has in place is capable of handling these requirements and, if not, what adjustments need to occur. A strong technology assessment will answer the following questions:

• How is the health of technology in my organization?
• Is my business using technology to its fullest extent?
• Can my existing technology accommodate growth?
• Is my company exposed to risk that can be avoided with proper planning?

What They Cover
Just like a physical, an IT assessment comes with a checklist of things that are covered to ensure the best IT health and the lowest risk to your organization. Areas that should be covered in your IT assessment include the following:

• Physical assets: Servers, desktops, laptops, telephones, networks (internal and external), Peripherals (scanners, printers, copiers, etc.), and data management and tracking (such as storage and disposal)
• Applications: Desktop programs, email management, accounting and other business-critical applications, document management, security programs, and your organizational web site
• Policies, Procedures, and Processes: Business continuity plans, disaster recovery, change management, security management, on-boarding and off-boarding of employees, ongoing IT training, and help desk
• Partner & Vendor Management: Collaborations, sales, purchasing, software licensing, voice and data circuit providers, third-party service providers
• Industry or Business Specific Details: Government-issued regulations, industry requirements, and unique company needs

This list of items is reviewed by conducting interviews with key people in your business and through checks of your business infrastructure. During the interviews, you or your IT staff will be asked to answer specific questions about the technology in place that supports your organization. You will also be questioned about your business and its goals.

When ORAM conducts a full technology assessment, we have a list of 300 questions that thoroughly examine everything from your existing IT policies and procedures to your key IT assets and their settings. We also look at the infrastructure of your organization to determine what you have, how well it works, and what you need. All of this is wrapped up into a results report specific to your company.

Results-Oriented IT
All of the data gathered during the assessment is put into a final report that will allow business leadership to make informed decisions about the IT of your company. In addition to the current status of your IT health, recommendations will also be made to keep your business operating smoothly, protected against threats, and compliant with industry and/or government regulations. Business leadership should review the results to determine what steps to take in order to keep moving forward with safe, effective, and efficient IT that meets business goals within their budget.

The final report is also a terrific means for documenting your IT and planning business continuity in the event of a disaster such as a breach. While this is a wonderful report that can do much to support your business health and goals, it does need to be updated annually to address the changes in technology and your company.

Why Every Business Needs IT Assessments
Since every organization uses IT, every business needs an annual technology assessment. The final report is not only a document that keeps businesses on the cutting-edge of technology and security, but also provides assurance that government regulations are being achieved. Finally, it gives leaders a look at the IT health of their company and acts as a roadmap to guide them through the necessary changes to their existing technology that will allow them to achieve their desired outcomes in the future.

If you are interested in a short, free technology assessment by ORAM, a full technology assessment, or simply have questions regarding your organization’s IT, please contact ORAM at (617) 933-5060 or visit us online today.