Last week we began our discussion on disaster recovery with a look at RPO (Recovery Point Objective), RTO (Recovery Time Objective), and MTO (Maximum Time Objective). This week we’re going to give you a little insight in how IT companies set these parameters. Of course, there is no magic bullet or yellow brick road to instantaneously give us answers, but if you start with some good information, you are probably going to get good solutions. A large part of your calculation will consider how much the cost will be if your business is effectively shut down for any length of time.

The Cost of Loss

How much do most businesses lose because of IT problems? A study by Coleman Parks Research not too long ago estimated that small businesses lose an average of $55,000 a year due to downtime, data loss, and the cost of recovery. Mid-sized businesses are losing an average of $91,000. And these losses are before any major disaster. You may be asking, why aren’t I seeing this loss? How can it actually exist if I am not seeing it? IT companies know the answer is that it occurs in almost unnoticeable dribs and drabs. It’s the customer complaint that isn’t answered properly because accurate records couldn’t be found. Or business lost because the phone system was down for ten minutes. Or, even worse, angry customers because of a data breach. Yes, small companies suffer data breaches. You don’t hear about them because the media isn’t interested in the losses of a small company.

3 Step Business Impact Analysis

Your first step in understanding your potential loss should be the creation of a Business Impact Analysis. Many IT companies will have a version of this to help you implement. The primary steps include:

1: Create a list of your business’s core functions and the data required to keep these functions running. This includes processes critical to generating revenue: sales, accounting, etc. You should be including customer/client contacts, purchase orders and contract items, accounting and your other corporate records, as well as any other documents that will prove important to your business continuity.

2: Supporting infrastructure: what will you need if you have to replace damaged or destroyed equipment and/or software in the event of fire, flood, storm, or theft? It’s important to know what you will need to get your business up and running again. AND you need to know where and how you will obtain everything. Every day you are not operating, you are losing money.

3: Calculate your potential losses. Work with your accountant or in-house financial officer to figure out how much your company will suffer financially if unplanned business interruptions occur. Money that may be recovered from business interruption insurance is part of this. Calculate your losses from each part of your business to include loss from sales, loss of goodwill, aging and loss of value of inventory, etc. Now, here is the critical part: your potential loss will be a major factor in deciding how much you should spend on disaster prevention.

Next week we will continue this discussion by looking into the effect “time” will have on your disaster prevention decisions. In the meantime, we would love to start a conversation with you about disaster prevention and disaster recovery. If this is a concern of yours, and it is truly something every business executive should be thinking about, give us a call at 770.629.9615. We’ve been helping businesses just like yours as one of the top IT companies in metro Atlanta since 1992.

Until recently, managed IT services only included IT security as an add-on. Your IT support company would be responsible for installing and maintaining your network, including software updates, patches and fixes, and keeping your equipment running smoothly. IT security was often limited to the installation of a firewall and anti-virus applications. But with the growth in both the volume and the sophistication of cyber-crime, cybersecurity has become a major responsibility of IT teams. In larger companies, entire new departments have been created for network security, often with new executives in charge. New positions such as Chief Information Security Officer (CISO) are becoming common. Managed IT services have become extremely important, but many small to mid-sized businesses are not financially equipped to support a new IT-based team much less a new “C” level position. DynaSis can help you deal with this situation extremely well.

The History of Cyber-Crime

Cyber-crime has become an easy to enter “vocation”. In the past, if some hacker decided to break into a company’s files, lock them down, and hold them for ransom, or wanted run a scam based on the millions of dollars he was “holding” for you, he had to start at “square one” and develop the software for this on his own. When you think about it, it is truly a daunting task. In fact, it was such a large project that entire criminal enterprises were established to generate the software required to accomplish these evil deeds.

Things have changed for the wannabe criminal. All he (or she) needs to do is dig around the dark web to find the off-the-shelf software needed to go into the crime business. Easy! Basic criminal software can be purchased for as little as $200 with a number of high tech upgrades available…and even a toll-free support line.

How Managed IT Services Fight Cyber-Crime

How have companies been handling this? Large companies, as we stated above, are spending large sums of money for protection. Not only are they hiring entire teams to deal with this situation, they are also spending the big bucks on hardware and software.

Smaller companies find themselves in a different position. First of all, many small to mid-sized businesses make (the very bad) assumption that they are safe because why would a cyber thief even bother with them? Wouldn’t they go after the big guys? Isn’t that why we hear about the IT break-ins at companies like Target, Equifax, Home Depot, etc.? This is a very, very bad assumption. Yes, sometimes you hear about the large thefts of customers’ personal data because that’s how the news cycles run. But, in reality, the criminals know that these big companies are spending millions on security and that the smaller company is now the low hanging fruit. Today, the vast majority of cyber-attacks are against small to mid-sized businesses.

Fear not! There is an excellent, cost-effective and highly efficient answer to this problem. Managed IT services companies like DynaSis are well-equipped to protect their clients’ IT infrastructures. At DynaSis, we have been working with small to mid-sized companies since 1992 and we are part of a nationwide team of managed IT services companies that develop and maintain a unique and proprietary Crypto-Containment System that identifies infected data within your IT networks, locks it down, and isolates it before it can spread through the rest of your network. We would love to show you how this works, as well as other cybersecurity measures we can provide, and how these can cost-effectively bring your internal cybersecurity to a new level. Give us a call today at 678-373-0716.

Imagine you had a computer (we know you do, but play along). Imagine how much you could accomplish with that computer. Now imagine that you had four employees…but only one computer. If they all took turns on that computer, productivity would be a bit impacted. Well, maybe not a “bit”, but a lot. Now imagine four computers, one for each of your people. A lot more work, but a lot more expense. Now imagine that instead each of your people working at separate full-blown computers, your IT service set your company up so that they were working at four “dumb” workstations that all relied on a single more powerful “server” computer  store applications and files and feed them to the workstations as needed. Here is what you have accomplished:

• The total equipment cost is less.
• Maintenance is easier and less costly.
• Computing power for each employee is greater.
• Since files and apps are all stored in one place, a high-level of security is more easily accomplished by your IT service.
• Backup and, if ever needed, restoration is easier.

Virtualization

This whole process is called “virtualization”. By using virtualization software, your IT service able to effectively turn a single computer into four computers. Under this scenario, the workstations we mentioned above are called “clients” and are served by the “server” computer. The virtualization software is called a “hypervisor”…yes, it comes from the word “supervisor”.  What your IT service did was take one more powerful computer and with the use of this software, turn it into four “virtual” computers, also known as virtual machines, or VMs. Each of these VMs is called an “environment.” (Sorry for all the Geek talk).\

What’s also really cool is that each of these virtual machine environments can run its own operating system. Windows, Linux, Apple OS. All can run simultaneously on this single computer and feed appropriate apps and docs to each client.

Now imagine a company with a lot more than four employees. Imagine a company with 50 employees. Instead of 50 full-blown computers, because of virtualization, your IT service can set your company up so you are using only 10 more powerful units, with 50 “dumb” workstations. Yes, the savings are multiplied, but we have accomplished a lot more than that. A server computer that serves five or six workstations does not need the computing power of five or six single computers. The full computing power of a basic computer may be needed on rare occasion but is extremely unlikely to be needed all the time and the need for the full computing power of six computers at the same time would be so rare that it is almost unthinkable. All this matters because, since the computing power of the server computer is shared between the six workstations, and since it would be rare indeed for even one workstations to require its full computing power, the server can get away with, say, the equivalent of four regular computers’ computing power, which your IT service can install for a lot less money. The computing power is then shared, applied to each workstation as needed.

Virtualization is a powerful tool that is used extensively in cloud computing and is something you may want to learn more about. If you do, read our recent article (with some cool illustrations) on Understanding Virtualization. And if you want to know how it can benefit your company, give us a call here at DynaSis at 678-373-0716, because we have been at the forefront of small to mid-sized business computing since 1992.

Here at DynaSis, as a managed IT services provider, we offer prospective clients complimentary IT and Network Assessments. The assessment gives the business-person a good look at where the company’s IT infrastructure stands at that moment regarding a number of potential security issues as well as understanding where it stands in terms of updates and upgrades. We then ask people to consider four questions:

• Wouldn’t you like your IT investment to not be just an expense, but be an asset?
• How harmful would it be to have your IT network “go down”?
• What would be the effect of total data loss?
• Are you willing to accept 2^nd rate service because you are a smaller company?

We’re not going to review these one by one because the answers are pretty obvious. What may be less obvious is where to start, and that is with the Assessment. The Assessment serves as a roadmap and without it, a managed IT services provider is likely to recommend unnecessary changes, and miss some that would be highly beneficial, in the end creating a framework that does not accomplish what you are looking for.

There are some basic yet important goals that your IT services company should be helping you accomplish:

Availability

Does 99% uptime sound good? Not by our standards. That is 1% downtime, or 5,256 minutes annually. Our goal between 99.99% and 99.999% uptime, or 5 minutes to one hour downtime per year.

Security

This is an important subject on its own and we encourage you to read a white paper we published earlier this year entitled Cyber Security 2018. As a managed IT services company, we are very much aware that the majority of cyber crimes are now committed against small to mid-sized businesses. Cyber criminals know that “enterprise” size companies have invested millions of dollars in protecting themselves, so small to mid-sized businesses have become the low hanging fruit.

Mobility

Everyone is on the go. Employees work from home, in airports, hotels, clients’ offices, even on vacation. Mobility today means a lot more than having a smartphone. It means being able to access your files anytime, anywhere. It means being able to collaborate with your team members no matter where they are. Again, this is a subject worthy of discussion on its own, and we would be happy to speak with you.

Productivity

People want to be productive and ensuring that your IT infrastructure is functioning at peak levels is necessary. In fact, studies show that millennials who are interviewing for all levels of management positions frequently inquire about the tools with which they will be provided to accomplish their jobs. An assessment will help here, too.

………………

What we have discussed in this week’s blog is merely the tip of the iceberg when it comes to the information that can be gleaned from an IT Network & Security Assessment. For a deeper look, we recently published a full white paper called The Value of an IT Assessment and we suggest you take a look. We believe you will find it eye opening.

At DynaSis, we have been providing managed IT services for more than a quarter century and we would love to start a discussion with you, so please give us a call at 678-373-0716.

The results of two recent surveys indicate that computer network support professionals working for “enterprise level companies” agree that a company’s own employees are often its weakest link in protecting against cyber-crime. (For specifics on these surveys and more information on the subject of employee training in general, read our White Paper on the subject.) So, as an owner of executive of a small to mid-sized business, consider this: if this problem is so prevalent in these enterprise level companies with large IT departments, where does this leave you?

It is well-known in computer network support circles that in this day and age of cyber-criminals who are relentless in their development of new ways to attack virtually everyone’s IT network that employee training is a key element. It is also known that careless and / or unintentional employee actions are the number one access point for these criminals. While all the other forms of network protection are still vital, employee education remains one of our best safeguards.

Here are some notes on areas that employees need to be taught, and then on which to be continuously reminded and updated:

Unbreakable Password Protection

Computer network support professionals are amazed at how many people still use easy to break passwords. Criminals use algorithms that can rapidly test millions of possible passwords, so if they have a reason to guess at part of a password, finishing it becomes a real possibility. Larger companies install protections against this, including automated requirements for regular changes as well as strong parameters. Try this. Current thinking among these computer network support people has changed from combining letters, number and characters, to letters only. Here’s why: if you combine three unrelated words of five letters each, (for example: househumanroses) those fifteen letters give you 1,677,259,342,285,730,000,000 possibilities. That’s 1.6 sextillion. And that’s only using lower case. Imagine if you mix upper and lower.

Downloading Unauthorized Software

Another activity that drives computer network support people crazy are the many software programs that can be downloaded for free with a simple mouse click. While many are truly useful, others may launch very destructive malware, including ransomware that can lock down an entire IT network.

Phishing and Spear-phishing – Social Engineering

These are tactics used to trick people into divulging sensitive information. You may not fall for the plea for assistance from the Nigerian Prince, but many people are fooled by realistic looking fake emails from banks, utilities, charities and others. One specific word of caution: the IRS never calls and never sends emails.

Social Media Scams

Fake Twitter Accounts: We all make typos. Studies show that a small percentage of people will inadvertently make mistakes and not correct them when typing. If you mean to send a tweet to a company called ABC123, but type ACB123, there may well be a fake account out there with that name, set up to trick you. These scam artists will set up hundreds of these accounts (ABD123, ABE123, ABC 123, etc.) to benefit from your mistakes.

……………………….

The reality is, there are too many ways that employees can make mistakes or be fooled to cover in this blog, so, again, we refer you to the white paper we wrote on this subject. Once you better understand the risks, you can set up training programs for your people. If you don’t have an in-house computer network support team to conduct employee training classes, speak with us here at DynaSis. We’ve been doing it since 1992 and would love to do the same for you. Call us today at 678-373-0716.

Most companies these days allow, or even insist, that employees use one or more of their own devices for work. Rather than causing resentment, the majority of employees actually prefer using their own phones, tablets or laptops, rather than having to carry two of the same type device. They are comfortable with the devices they understand and are probably upgrading them faster than the company network support team would be doing, thus giving both the employee and employer the benefit of more current technology.

That being said, there are concerns that many employees have, some real, some perceived, that must be addressed and, additionally, network support and security for devices the company doesn’t own can be challenging. On the employee front, those who are required to use their own devices often feel they are losing privacy, including the possibility that their personal information may be accessed. This can be overcome with adjustments on the network support side and explanations (in lay terms) to the employees.

We won’t get into too much technical detail here, but on the employer’s side the issue of keeping company data secure demands serious consideration. This requires the creation of an “Acceptable Use Policy”, but please keep in mind that policies like this are only helpful if they are enforced.  (If you want more information about BYOD policies, check out our White Paper on the subject.) If you are going to allow or require BYOD, here are some guidelines on how to begin:

Pilot Program

Start small. If you only have a few employees, you may want to include everyone, but if you are mid-sized and growing, limit the participants until you’ve got the bugs worked out.

Involve All Constituents

A strong BYOD policy will involve every department in the company: sales, marketing, HR, finance, R&D, etc. Make sure people from each of these are involved in the set-up and roll-out discussions.

Employee Training

Employee training today is important in many areas of cyber security. Employee email accounts are the number one source of access for cyber intrusion of all types. BYOD is no different. This is an important network support issue.

Industry Specific Security

PCI, HIPAA, GLBA, DSS and others. You don’t want to be 100% in compliance in-house, then fail to keep employee devices adequately protected.

Device Level Security Isn’t Enough

Proper network support and security requires multiple defense layers. Hard as you try, you may not always be successful in keeping every device secure, so your network must provide protection for this.

Additional Costs

Yes, by asking/allowing your employees to use their own devices, there will be savings, perhaps substantial. However, there may also be additional expenses to install updated infrastructure technology. All in all, however, the switch should help your bottom line.

Again, if you would like to learn more, check out the White Paper, or, even better, give us a call. We have been providing IT network support for more than 25 years and would love to chat with you. Call us today at 678-373-0716.

Cybercrime complaints to the FBI exceeded 300,000 in 2017 with an estimated loss of almost $1,500,000,000. The thing is, the Department of Justice estimates that only 1 in 7 criminal incidents are ever reported. That brings the estimated totals to 2,100,000 incidents and $10,500,000,000 in losses. Why is that?

First of all, if you believed you caused the attack because of an error in judgment, chances are you aren’t going to be so fast in letting anyone know. Neither would your employees. Now, very few employees, fortunately, are going to actively work at allowing cyber intrusions into your network, but simply clicking on a deceptively realistic looking phishing or spear-phishing email can open the door. Companies with effective in-house or managed IT support providers can usually determine whose mistake it was, but for many small to mid-sized businesses, the unintentional culprit will never be found.

But in some ways, that’s beside the point. The point is that your employees should have been well-trained enough that they aren’t susceptible to this kind of fraud.

If you are the boss and you know about the cyber break-in, your attitude may be that it’s unlikely that the perpetrator will ever be found so why bother? You are also way more likely to pay a ransomware demand than report the crime. It just seems easier. Except that in about 20% of the cases, the de-encryption code you need to unlock your files either never arrives or doesn’t work. This 20% would have been much better off dealing with prevention than with trying to rectify a really tough situation.

There is another growing area of cyber-crime, although it is not committed through entry into your IT infrastructure. This is IT support fraud and in 2016 there were more than 10,000 cases reported. Again, law enforcement believes the 10,000 are the tip of the iceberg. The reported losses were $800 each on average. Most of these were perpetrated against individuals, not businesses, but in today’s work-world, with many people using their own devices for work, sensitive business information that resides on an employee’s personal laptop may be stolen and used for illegitimate purposes.

The gist of this blog is to encourage two things: first, report all cyber-crime. You can never tell which case will be the one to break open a crime ring. Second, make sure your employees are well-trained in cyber-crime prevention. Fact: most ransomware and other malware intrusions are caused by employee errors that can be prevented.

Need more info? Try this article we published not too long ago, or, better still, give us a call at DynaSis at 678-373-0716

Many people are surprised to learn that today’s number one cyber security threat is email. Deeply concerned about all levels of IT security, we recently published a white paper analyzing the various threats and how to thwart them, as well as how we here at DynaSis work to make our clients’ email accounts secure. In this white paper, we went over things like “zero trust” and how effective current phishing and spear-phishing techniques have become…and how to protect yourself by educating your employees.

Zero Trust as a Security Model

This is a critical part of email security in today’s world. Sorry. It might sound unfriendly, but when we trust no one, we are more vigilant. It’s not that we don’t trust people’s integrity, especially when it comes to our most trusted employees, it’s that we simply don’t have the luxury of trusting their judgment when they are up against brilliantly (unfortunately) crafted schemes designed to inflict harm. This is especially true in this world of BYOD (Bring Your Own Device To Work). Not only are the bad guys trying to work their way into your system through your company-owned devices, they are also working on getting in through the personally owned devices your people are using to access the company network.

In addition to phishing and spear-phishing (including expanded definitions), we go over email spam, viruses, malware, ransomware, social engineering and state-sponsored hacking. And we remind you, as we do here, that all this can start with a simple, single email.

Best Practices

But we don’t just leave you hanging. We review “best practices” and how they can be used to keep the bad guys out. We go over specifics like auto-listing, RFC check greylisting, global reputation checks, recipient validation & active directory, anti-spoofing, email firewalls, and policy controls. Whew! That’s a lot of stuff, but it’s all important.

Mimecast

As a managed IT support provider and after reviewing all the software available (and with 25 years-experience, we are experts at conducting reviews) we have chosen Mimecast for our clients. You can click here to check out Mimecast on our website, or here to read about it in our white paper. Check out our entire website at www.DynaSis.com, or better yet, give us a call today at 678-373-0716.

Today’s small business typically starts without a clear picture of how they are going to manage IT. After all, the firm probably started with one to three people, all with computers but no networking, and maybe sharing documents through A) a consumer-grade document sync app (bad idea), B) Microsoft Office 365 (good idea to a point), or C) thumb drives (very bad idea). Security is probably sketchy, at best, and if something goes wrong, well, there’s always your brother-in-law, Malcolm, who at least knows a little more than you do.

As the company grows, you are faced with the reality that you need access to more IT knowledge than Malcolm, good soul that he is, possesses. You have two choices: 1) hire an IT guy, or 2) retain the services of a managed IT support company like DynaSis. If you compare the costs of the two options, you are likely to find that they are the same. The advantage of your own in-house IT person is that he is always available…except when he isn’t. Like when he is on vacation, or over the weekend, or after business hours. And then you soon find out that in today’s IT world, no one person has all the knowledge and training you are going to need, which the managed IT service can provide.

Either way you go at the start, as your company grows, you are going to face the next decision: expand your one-person IT department to two or three or four people, or now that your company is larger, drop your managed IT support provider in favor of building your own in-house team. Ah, but there is a much better solution!

Co-Managed / Co-Sourced IT

Under the co-managed / co-sourced IT scenario, you have your own in-house team, along with the services of the managed IT support provider. You and your provider can determine which services are best performed in-house and which are best handled by your provider. For example, in the treacherous IT world of today (and there are many, many things that can go wrong), you should consider using the 24 x 7 x 365 monitoring and managing services they provide. The right provider will spot small issues and fix them before they become major problems. As your company grows, you also might want to use the provider’s technical help desk, and other services they provide.

One of the major advantages of using a managed IT service like DynaSis, is that it frees your IT person (or people) from mundane, routine, day-to-day tasks and allows them to participate in long-range planning and decisions that help the company grow. You can also call upon the executive team of your IT provider to help in determining and even developing technology that can power your R&D, production, sales and marketing, HR, finance, etc.

By the way, through all of this, you will probably find that the combination of a smaller in-house team and an experienced and qualified managed IT support company will cost you no more, often less, than building up your own team, and will bring to the table more knowledge and expertise than even a small team of three or four can offer.

We wrote a full white paper on the subject recently and we invite you to read it here. At DynaSis, we have been providing IT support, either full service or co-managed, to small to mid-sized businesses here in Atlanta since 1992. Want to know more? Call us today at 678-373-0716.

Is Your Business a Digital Business? It Better Be!

If not, you’re likely to be edged out and become a dinosaur in a modern world.

To be fair today, today every business is a digital business. Do you use email? Accounting software? Do you do research online? Do you have an online store? The question really is: do you use technology to your best advantage? In a White Paper we published not too long ago entitled A Digital Business in a Digital World we quoted a recent article by Forrester Research that essentially said (it’s too long to quote in its entirety here) that over the next couple of years your company is either going to become a “digital master” or “digital prey”. (Click above to read the whole quotation.)

The reality is that in today’s world the small business is already at a disadvantage. Big box stores have gobbled up the market share of hardware stores, office supply companies and apparel retailers. Even your dentist may now be the employee of a large national chain and your local car dealer is now probably owned by a conglomerate of 300-500 dealerships.

How does technology help you?

In a modern business, technology is intertwined into virtually every phase of that business. R&D, production, sales, marketing, finance, HR, customer service. Using technology takes us to the next level in every one of these departments (and all the other not mentioned here.) It keeps costs in line, enables us to provide better customer/client service, reduces errors, and generally makes us more effective in every way.

IT – Are You Inside-Out or Outside-In?

In most companies, IT has traditionally been an “Inside-Out” function, meaning that your IT focus has been on supporting your business as it exists today. This is the case whether you have your own internal IT department or are using a third-party managed IT support provider. This is ok. Your IT people need to be focused on the problems of today. But there is great value in shifting some of that focus “outside-in” so that your IT people are looking at, adapting and strengthening the disruptive business models that your business becomes the predator, not the prey.

What does this mean? Let’s look at some extreme cases. First, as this piece was being written, we saw a TV segment that Blockbuster was down to its last store. From 9,100 stores with 84,000 employees to one store with about 10 people working. Disruptive business models killed it. NYC taxi medallions (the license to own a taxi) have fallen in value from over $1,000,000 to about $200,000 because of services like Uber and Lyft.

Less “blockbuster” moves companies can make to disrupt their businesses positively can be updating websites to make them more interactive, adding third party products lines, more efficient production through technology, R&D to improve products and services ahead of your competition, improved employee satisfaction and productivity, and saving money across the board.

As an Atlanta-based managed IT support company, here at DynaSis we have had more than 25 years-experience helping small to mid-sized companies grow through secure technology. Give us a call and we will be happy to explain how. 678-373-0716.