According to Symantec SMB, 50 of SMBs admit to having no backup and disaster recovery plan in place. 41 of those surveyed confessed that they had never even given much thought to implementing a disaster recovery or business continuity plan. If you are one of them, then you really need to think about whether you can afford the status quo. Answering these questions will help you decide.
How often is employee productivity and customer accessibility or service stalled each day from a downed network or system?
How much downtime can your business truly afford and what kind of backup or recovery solutions are in effect when systems are unavailable?
What level of IT support can be accessed? Can it be accessed quickly enough to minimize damage? Are you confident that your business can either be back online or be able to access lost data with minimal disruption, no matter what?
Is your most critical data frequently backed up? Is the data on the personal laptops, iPads or Blackberrys of employees backed up? Are all backups stored in a location off-site and quickly accessible in the event of theft, fire or flooding? Are you using any custom installed software and is the supplier still in business should this software need to be re-installed or updated? Are account details, licensing agreements, and security settings somewhere on record, and is it duplicated off-site?
Are your systems truly protected from theft, hackers, and viruses? Are passwords to sensitive data changed whenever employees leave the company or business unit?
When was the last time you tested backup processes to ensure they are working properly? How quick were your back ups?
Answering these questions will help you understand if you are needlessly bleeding money every day by subjecting your business to the high hourly rates, service charges, trip fees and wait times of on-call IT support. If you are an SMB, you don’t have to fear technology failure. A trusted MSP can help you resolve these challenges in a more effective and efficient manner.
A Smarter Approach to Mobile Device Management
More people today use personal mobile devices like smartphones and tablets for business purposes. Such devices, coupled with greater Wi-Fi accessibility and cloud services, have empowered us with the ability to access data and do business from practically anywhere at anytime.
Needless to say, many small-to-medium sized business owners have embraced the BYOD (Bring-Your-Own-Device) revolution. The benefits are obvious increased employee productivity, enhanced services to customers/clients, and better overall customer and employee satisfaction.
But what about the potential consequences associated with this mobility revolution? Are small business owners doing enough preemptive planning to address potential risks that could arise with the use of BYOD devices?
Mobile Device Management – Questions Every SMB Should Ask
First, it is important that small business owners honestly assess whether their systems, networks, data, and overall infrastructure are ready for the use of an array of mobile devices.
Once it is firmly established that both internal IT and components in the cloud are prepared for BYOD, solutions should then be put into practice that are concurrent with terms of use policies or any guidelines pertaining to remote/telecommute workers or the sharing of sensitive data. The following questions should be answered.
What particular devices or applications are permissible for work use? Assuming security requirements are in place, not every device or application will meet those.
Will anyone in the company be tasked with the daily management of BYOB strategies? What should BYOD policies cover and what kind of management solutions will be needed? Would a BYOD management tool that collects device information, deploys and monitors usage, and offers insight into compliance be helpful?
Which costs will be the responsibility of the employee? This pertains to any fees associated with usage – from network plans, to the device itself, to software, accessories and maintenance costs.
What data will be accessible? Will data encryption be necessary for certain information traveling through the personal devices of employees? Which employees will have read, write, update/delete privileges?
What is the process when handling sensitive data stored on lost or stolen devices, or the personal devices of ex-employees? Does the company or organization have the right to wipe out the entire device or just corporate data and apps?
BYOD is here to stay as it affords smaller-sized companies the mobility of a corporate giant without a huge investment. But when it comes to ensuring that devices, applications and networks are safe from the variety of threats linked to greater mobility, small business owners may find it necessary to enlist the help of a managed service provider to adequately take on mobile management challenges and provide ongoing consultation.
8 Cold Hard Truths for SMBs Not Worried About Disaster Recovery and Business Continuity
The foundation of any successful business continuity solution is the ability to retrieve data from any point in time from anywhere. When the topic of data recovery and business continuity comes up, you get the feeling that many decision makers at smaller businesses and organizations wish they could channel their inner six year old, simply cover their ears, and sing “La, la, la. I Can’t Hear You. I’m Not Listening.”
Everybody thinks bad things only happen to other people. Just because we hear about a fatal car accident on the morning news, doesn’t mean we fixate on that news when we ourselves get into a car and drive to work.
So no matter how many times the owner or executive of a small to midsize business (SMB) hears of other small businesses being crippled by hurricanes, tornados, fires, or flooding, they aren’t necessarily overcome with fear to the point that they feel an urgency to take action.
Sure, they may think about backup and data recovery solutions a little more that day, but not enough to initiate immediate change or reverse a lenient approach to their processes.
If you fall into this category, here are eight cold hard truths to consider
It isn’t natural disasters or catastrophic losses like fires that take down small businesses but something far more sinister – malware. Cyber attacks through malware have grown exponentially in the past four years. Malware is hitting everything from PCs to Macs to mobile devices and it’s inflicting damage.
Over half of the small businesses in the U.S. have experienced disruptions in day-to-day business operations. 81 of these incidents have led to downtime that has lasted anywhere from one to three days.
According to data compiled by the Hughes Marketing Group, 90 of companies employing less than 100 people spend fewer than eight hours a month on their business continuity plan.
80 of businesses that have experienced a major disaster are out of business within three years. Meanwhile, 40 of businesses impacted by critical IT failure cease operations within one year. 44 of businesses ravaged by a fire fail to ever reopen, and only 33 of those that do reopen survive any longer than three years.
Disaster recovery solution providers estimate that 60 to 70 of all business disruptions originate internally – most likely due to hardware or software failure or human error.
93 of businesses unable to access their data center for ten or more days filed for bankruptcy within twelve months of the incident.
In the United States alone, there are over 140,000 hard drive crashes each week.
34 of SMBs never test their backup and recovery solutions – of those who do, over 75 found holes and failures in their strategies.
It’s critical that small businesses review their backup and disaster recovery processes and take business continuity seriously. Given the vulnerabilities associated with the cloud and workforce mobility, the risk of critical data loss today is quite serious and firms must be truly prepared for the unexpected.
5 Ways SMBs Can Save Money on Security
Small-to-medium sized businesses and large enterprises may seem worlds apart, but they face many of the same cyber-security threats. In fact, in recent years, cyber-criminals have increasingly targeted SMBs. This is because it’s widely known that SMBs have a smaller budget, and less in-house expertise, to devote to protection. Thankfully, there are several things SMBs can do today to get more from even the most limited security budget. And, no, we aren’t talking about cutting corners. Far too often, SMBs cut the wrong corners and it ends up costing them more money in the long run. It’s a matter of taking a smarter approach to security. Here are five smart approaches to take
Prioritize – Every business has specific areas or assets critical to its core operations. Seek the input of valued staff and team members to determine what these are. Is there certain data that would be catastrophic if it was lost or stolen? If hackers compromise a network, or prevent access to certain applications, how disruptive would it be to daily business operations? What kind of potential threats or vulnerabilities pose the greatest risk to the company or your customers/clients? Focus on the most likely risks, not theoretical risks that “could happen.” Asking such questions gives you a clearer and more complete perspective as to where to focus available security resources.
Develop and Enforce Policies – Every SMB needs to implement a security policy to direct employees on appropriate and inappropriate workplace behaviors relative to network, systems, and data security. Merely drafting this document isn’t enough. Employees must be held accountable if they fail to adhere to policy. Such policies should be updated regularly to reflect new technology and cultural shifts. For example, a document written before social media took off, or before the BYOD (Bring-Your-Own-Device) movement, doesn’t necessarily apply today.
Education – Ongoing end user training must be provided. Many security breaches happen because employees fail to recognize phishing schemes, open emails from unknown sources, create poor passwords that are seldom changed, and don’t take proper precautions when using public Wi-Fi connections on personal mobile devices also used for work.
Take to the Cloud – Running applications and servers in-house is a costly endeavor. Leveraging the cloud today allows SMBs to cut costs while also strengthening their security. Cloud operators typically have built-in security features, alleviating SMBs of the burden of maintaining security themselves. Today, not only can SMBs shift much of the burden of IT to the cloud, but they can also outsource much of their security by taking advantage of the remote monitoring, maintenance, and security tools provided by Managed Service Providers (MSPs).
Don’t Aim for Perfection – There is no such thing as perfect security. Striving for perfection is expensive and can prove to be more costly in the end. Improving protection and response would be a more ideal allocation of funds. It can take a hacker several months to figure out your systems and do real damage. Having the ability to quickly detect their presence, and mitigate any potential damage they may cause, is a more realistic and less expensive approach than thinking you can completely remove any probability whatsoever of a hacker breaching your system.
Insight into a network is essential for any business and their IT Team. Data about your network at any single point gives a snapshot, however it is not showing the whole story. Graphical visualization of data can quickly show high level trends to showcase specific events or areas of concern.
The true key to knowing your network and changing how you interact with it comes from the ability to move from visualized data points into the root cause. Benchmarking and remediation can only be achieved if you know what data to inspect. Drilling down into detail becomes essential after identifying areas of interest.
AIS has deployed SIEM and NMS to accomplish these critical tasks. Not only do these solutions provide enterprise level features for the SMB market, but they also showcase the power of data to aid in creating a more secure and efficient technology blueprint. All of these benefits and features are vendor agnostic, making it a great solution for any network environment.
Rightsizing your infrastructure and hardware, implementing additional security solutions, and understanding your network all start with data. Data presented through AIS’s exclusive SIEM and NMS Tools.
Follow these links to learn more: AIS SIEM Link AIS NMS Link
Enterprise software at a small business cost.
Open sourced software strategy for IT Infrastructure enables organizations to experience the performance and security benefits of enterprise software used in Amazon and Google data centers without enterprise license costs. With the primary adoption challenge being specialized knowledge required to implement and maintain, AIS has invested significantly in process and professional development.
Key points:
Performance
Commercial solutions often require increased license cost for features that improve performance and reliability. Open source licensing including Enterprise features available at no cost provides an area of potential savings.
Security
Supply-chain attacks present an interesting quandary because the sooner you update to the latest release, the more likely you become an early adopter of the new feature. But the longer you wait to update, the greater exposure to unpatched vulnerabilities. Software that must be publicly exposed to operate tends to be the most vulnerable, the primary reason why recent Microsoft Exchange vulnerabilities had severe impact. Considering supply-chain attacks must go unnoticed to succeed, having more eyes on the code increases odds of detection.
Automation
As IT Infrastructure evolves from on-premise only to include hybrid/multi-cloud, automation is required to maintain performance, reduce recovery time, and control management costs. Developed to operate the largest, most secure, cloud data centers, Enterprise open-source software provides complete automation capabilities to enable an infrastructure-as-code approach.
AIS leverages OpenVAS - Open Vulnerability Assessment Scanner to perform automated, proactive, Network Vulnerability Tests(NVT) across a client's entire IT environment. The Greenbone Community Feed provides daily NVT updates as new vulnerabilities are discovered to enable quicker detection of zero-day threats. Combined with other NVT sources, this enables automated, real-time scanning for over 100,000 different vulnerabilities.
What it does:
Runs NVT scripts for each vulnerability against each network host to positively identify if the host is susceptible to specific threats.
Vulnerability definition details are primarily based on Mitre CVE or Carnegie Mellon CERT databases.
How it works:
Separate IT environment discovery tools identify client hostnames and IP addresses of on-premise, cloud, and SaaS resources.
Internal network vulnerability scanning is possible via an existing AIS NMS deployment.
By default, NVT scripts that may cause outage by testing for disruptive vulnerabilities are disabled by default and can be configured to run during an established maintenance window or on-demand. Scan frequency and report generation is also configurable.
How do you get a small business to recognize the value of manages IT services? In the start-up environment, we encounter an eclectic bunch of personality types. There is a reason people become entrepreneurs or C-level execs. When we meet the owners or decision makers at smaller companies and organizations, we can tell right away why they’re where they are. They’re visionaries. They’re risk takers. They’re competitive. They want to be in charge.
Therefore, they aren’t always quick to place the fate of their business technology in the hands of a third party. They’ve come as far as they have by being in control and they’re hesitant to give up that control. But we’ve learned a few things along the way.
For example, the Type A personality is highly independent but also very competitive. So we tap into the competitive advantage that managed IT services gives them.
The Type B personality is creative and doesn’t like static routines. But their ears perk up when they hear terminology like “cutting-edge” and we can then paint the big picture for them once their listening.
But anyone we do business with has to be committed to the efficiency, security, and stability of their business technology to see our value proposition. And they have to recognize that managing their IT infrastructure is an investment they cannot take lightly.
So here are a few things we commonly have to address before any deal for managed IT services is signed.
Is my business large enough to even consider managed services?
The truth is, any company, regardless of its size or the number of people they employ, will run more efficiently if its technology is monitored, maintained, and managed properly.
These are facets of your operations that drive profitability and give our Type A personalities that competitive edge they crave. And they can rest easy whenever business is booming because their technology is built to sustain their growth. That’s the big picture that our Type B personality can appreciate.
How is making another IT investment a cost-savings move for my business?
There are still many SMBs who feel a greater focus and investment should go towards their core operations or marketing and sales. They only worry about technology when it breaks, figuring they’ll just call a service technician to come to the office and fix whatever the problem is. Or buy some new hardware at Office Depot.
There are some very obvious flaws to this strategy.
You’re paying way too much when it’s way too late – An issue that was likely preventable with early detection has escalated into a full blown business disruption and that on-call technician likely charges a high hourly rate, on top of hardware replacement costs, and may not get to your site right away. Being proactive rather than reactive to technology issues is important.
Don’t forget productivity killers – It’s taking your employees too long to boot their computers. Servers and applications are running slowly. Employee devices are full of Malware. Non-technical employees are running around troubleshooting tech problems. If you see this, your present approach to IT management is killing employee productivity and your bottom line.
What happens internally is noticed externally – Don’t think for a second that customers or clients don’t notice outdated or slow internal technology and mismanagement. If your site or applications are down often, run slowly, or your customer service rep tells them “I’m sorry, our system is down”, they’re noticing and it’s hurting your business.
When all is said and done, professionally managed IT services will give you a competitive edge, guarantee your business is always leveraging the newest most cutting-edge technology, and enhance your relationships with customers and clients – all while reducing costs.
As IT hardware/software becomes more sophisticated, client IT environments include more different brands. This fragmentation increases the challenge of finding resources to implement, monitor, and maintain.
Key points:
Architecture
As cloud adoption increases, prevalence of on-premise servers decreases, limiting Solutions that require installation on an on-premise server. Solutions delivered by AIS are designed with Flexibility to support various client architecture possibilities, including on-premise, hybrid/multi-cloud, edge, and server less
Process
AIS created a tool to automate statement of work (SOW) development and management. This tool enables standardized implementations of solutions from different vendors while ensuring that every engagement follows ITIL/vendor best practices. Level of effort required is determined by historical data for increased transparency.
Strategy
Manufacturer-provided monitoring and management tools often lack support for 3rd-party devices. AIS Solutions are designed for compatibility with most leading manufacturers and service providers to avoid vendor lock-in.
When it comes to cyber-attacks and data threats, it’s not a matter of “if” but “when.” There is only so much anyone can do to prevent a successful attack, but hackers have become more resourceful and will continue to find innovative new ways to penetrate security defenses.
Malware and web-based cyber-attacks are the most popular forms that are growing in their complexity and method of delivery. And just because you currently have an AV solution doesn’t mean you’re covered. It’s not just a box to check. It has to be constantly monitored and managed. Plus, the typical antivirus approach is no longer enough these days.
Ransomware is the malware of choice now. You may have heard of CryptoLocker, CryptoWall, Locky and now WannaCry, malicious software that locks you out of your files and demands ransom payment for recovery. Factoring in this ongoing trend, cybercrime is becoming increasingly costly.
Malware includes viruses, worms, Trojans, ransomware, spyware, adware, etc. and is primarily installed via phishing schemes. When employees click rogue links or open malicious attachments, they unknowingly give hackers remote access to infect their systems.
AIS provides the proactive, preventative maintenance and technology you need to secure your workstations, servers, devices and networks. Granted there is no way to prevent 100 of today’s threats, but we can help prevent most while making discovery and rededication quicker.
Multi-Platform Protection: ● Critical Business-Grade Anti-Virus and Analytics ● Enterprise-Grade Anti-Malware Threat Intelligence ● Filtering Web Content ● AIS Managed Firewall Services ● Reviewing firewall rules ● Strong firewall management ● Patching the latest vulnerabilities discovered ● Inbound and Outbound Email Security
Hackers will eventually be successful, or your employees will mess up accidentally (or intentionally). You’ll want to have security policies and procedures in place when this happens.
Everyone makes mistakes, and end users are no exception. One wrong move and sensitive company data or personally identifiable information, such as your social security number, could become encrypted and/or stolen.
3 Misconceptions of IT Consulting Firms
The IT talent shortage is a leading, national news headline. The majority of the articles out there focus on how large companies are attracting IT talent with unprecedented salaries, perks, and benefits. However, the businesses struggling to hire IT employees the most are small- and medium-sized businesses (SMBs), defined as those with less than 1,000 employees.
Oftentimes SMBs lack the strong brand identity needed to compete for talent. Candidates don’t seek them out for employment like they do for larger, well-known companies, so SMBs need to spend much more time recruiting employees. The IT talent shortage makes this issue much worse. If SMBs are able to find candidates, they don’t have the budget to win them over, given many candidates receive multiple offers.
As the talent shortage continues to grow, and, in fact, is predicted to get much worse, the alternative is to outsource IT work to consultants. However, there are three main reasons why SMBs have been hesitant to outsource their IT needs to a consulting firm.
IT firms can be seen as a threat.
This misconception stems from the fact that many businesses bring in consulting firms when things aren’t going well. These firms analyze your operations and make recommendations for improvement, which often includes restructuring teams or even letting employees go.
IT consulting firms are different. You can engage them in many different ways and for many different reasons.
On-demand, project-based support. Experienced IT consulting firms can provide tactical support for planned IT implementations, upgrades, and migrations, or take on more strategic projects like advising on departmental IT budgets and information security projects. Consultants can be a great fit for short-term projects that are outside the scope of an internal team’s day-to-day work or their areas of expertise.
Ongoing maintenance. IT consultants can increase the bandwidth and productivity of your existing team by taking over the time-intensive work that keeps them from focusing on other initiatives. Clients often engage our team to monitor systems, reducing alert noise and false-positives/negatives.
Strategic support. Consultants can advise IT leaders on their overall technology strategy or provide recommendations for specific software or systems. As an example, our team is often brought in to conduct vulnerability assessments, outlining specific ways to help businesses reduce risk and make their systems more secure.
Businesses are afraid to lose control over their IT operations.
IT consulting is not an all-or-nothing engagement. IT leaders often assume that working with an outside firm means that the consultants take on the work of the entire department. This is true in that they absolutely can - but it’s not the only option.
How do IT leaders manage an external resource? How do they measure their productivity and performance? Any successful consultant engagement needs to give businesses the same control and visibility as they have with their own team.
Having the right process and measurement tactics in place is key. At AIS, we share access to our management tools with our clients, including real-time dashboards and reports. Transparency helps to keep both internal and external resources aligned on initiatives. It also gives IT managers the insight they need to stay on top of their departments.
They're perceived as too expensive for SMBs.
Consultants and outsourcing are often equated with high price tags. Yet, many business owners have learned that there are significant cost benefits to partnering with an IT consulting firm, in a few different ways.
First, there are fewer operating costs when deploying consultants vs. full-time employees. SMBs can save on all of the costs associated with hiring an employee, including payroll taxes, unemployment insurance, workers' compensation and disability, and benefits including paid time off, sick days, and health insurance.
There is also a cost benefit to working with consultants given how quickly technology needs change. It doesn’t make fiscal sense to hire an employee for a short-term need, whether that’s a tactical project like a solution implementation or upgrade or a strategic initiative like a vulnerability assessment or guidance on a software buying decision.
By accessing an external team of experts for a wide range of needs, SMBs can scale up as needed without headcount approval, or scale down after projects are complete.
Ready to learn how AIS can support your IT team? Contact us at info@aislabs.com to start the conversation.
Frequently Asked Questions
What are the advantages of AIS VoIP?
VoIP (Voice over Internet Protocol) is technology that enables phone service connectivity via IP networks rather than traditional wire-line connectivity. AIS VoIP technology allows businesses of all sizes to have robust calling features, integrated mobile access and efficiencies that often keep costs lower than traditional solutions. Cloud-hosted business VoIP solutions like AIS VoIP scale easily and are often more feature rich than analog telephony with innovative features such as voicemail-to-email , find-me/follow-me and simultaneous ring that can be managed from an online interface.
Why is cloud-hosted phone service often less expensive than traditional solutions?
With device-agnostic voice calls, data connectivity, conferencing services and unified communication collaboration tools, AIS’ hosted VoIP solution provides enterprise-level performance at an often lower per-seat cost.
Will my AIS Managed VoIP phone system work even if we lose internet or power? Do I need a backup phone number?
Yes. If you’re using our mobile app, you’ll be able to make and receive business calls on your smartphone during local outages like it’s business as usual.
What is an extension? Is there a difference between a line and an extension?
Unlike traditional phone system lines, AIS VoIP extensions work by allowing different devices to register with your AIS VoIP Service. As long as your phone is connected to internet it can be located by the phone system, and receive calls at the appropriate extension number.
What if I want to cancel AIS VoIP Service?
We understand that your phone needs may change over time. However, before you cancel AIS VoIP Service, we encourage you to speak with a specialist about how AIS VoIP might be able to provide what you’re looking for. Please contact your AIS Account Manager or call 844-AIS-LABS.
What if there is a need for Analog POTS lines?
AIS Managed VoIP supports analog POTS lines using Analog Terminal Adapter(ATA) IP Devices such as the Cisco SPA112.
Does AIS provide internet service? What type of internet connection do I need?
No, AIS does not provide internet service. To use AIS VoIP, you’ll need an existing high-speed internet connection.
Each active call using AIS VoIP requires approximately 64 kbps up/down of bandwidth from a DSL, Cable, T1 or Fiber broadband connection.
Can I keep my toll-free or local number if I choose to cancel?
The number you receive upon sign-up is your own toll-free or local number. If you have paid for at least one month of service and your account is active and in good standing, you may keep your numbers. There is no charge for transferring out numbers. Your account must remain active and in good standing during the number porting process
How long does AIS VoIP take to activate?
Your account and phone number are activated immediately and a dedicated Project Manager will contact you within 2 business days to schedule implementation.
The International Traffic in Arms Regulations (ITAR) is a complex set of export regulations that control the export and import of defense articles and services in the United States. ITAR compliance is critical for any company that manufactures, exports, or imports defense articles or services listed on the United States Munitions List (USML).
ITAR regulations extend beyond physical defense articles and also control technical data related to defense articles. This means ITAR also applies to intangible data such as blueprints, schematics, training manuals, software code, and other information required for the production or operation of a defense article.
Given the scope of ITAR, it is essential for IT leaders and professionals at ITAR-regulated companies to build an IT strategy and infrastructure that supports robust ITAR compliance ahead of an ITAR audit. Here are three key areas to focus on:
Access Controls and Data Security
At the foundation of any solid ITAR compliance strategy are strong access controls and data security policies. IT teams need to ensure only authorized individuals can access technical data controlled under ITAR. This requires secure authentication methods, compartmentalized access permissions, and robust cybersecurity protections like firewalls and intrusion detection systems.
All ITAR-controlled technical data should be properly marked indicating it is controlled. IT teams must work to minimize the risk of unauthorized access or data leaks through comprehensive data security and access management policies.
System Segregation
ITAR has system infrastructure requirements related to the storage, processing, and transmission of controlled technical data. IT teams must segregate ITAR-controlled data and systems from other corporate systems. This may mean having physically separated networks, servers, and storage for ITAR data.
Proper network segregation configuration is a key technical control during an ITAR audit. It demonstrates your ability to restrict access to sensitive data to only personnel with a legitimate need to know.
Personnel Training
Having the right policies and security controls is useless without proper training for your personnel. Anyone with potential access to ITAR-controlled data should complete training on ITAR regulations and compliance requirements.
IT teams should implement access controls restricting users from accessing sensitive data until they complete required ITAR training. Ongoing security awareness training is also critical to maintaining compliance in the face of evolving threats.
An Ounce of ITAR Prevention
Implementing the appropriate IT strategy and controls before an ITAR audit is critical to demonstrating diligent compliance. The right blend of security policies, access controls, data segregation, and personnel training can help companies efficiently prove compliance during an audit.
Being proactive also reduces the risk of penalties and disruptions to business operations if violations were to occur. With the right IT foundation supporting your overall ITAR compliance program, your company can confidently navigate the next ITAR audit.
Ready to Review Your ITAR compliance posture?
We can provide recommendations customized to your organization's needs and compliance gaps. Contact us today schedule a call. You can email our team at info@aislabs.com.