Why outdated hardware and software is bad for business!

A few months ago, I was visiting a business, in the process of possibly taking them on as a client.  We had just completed a full audit of their network and were discussing the results.  No sales talk, just a round-table discussion in which we presented our recommendations to the board of directors and C-level management. In most cases, when you point out problems and offer solutions to the top managers of a business, they listen, and then put forward their own ideas and the reasons behind them.  There is eventually a consensus, and you move forward from there.  That's not what happened here.  But let me back up for a moment. When it comes to updating their technology, many businesses prefer to “grow organically”—that is, to gradually replace old systems with newer and better ones when it feels necessary to them and when they can easily afford to do so.  By contrast, upgrading to the best and most secure technology all at once can feel abrupt, expensive and inconvenient.  We have been in the industry long enough to understand organic growth.  All organisations are different, and the rate they update their systems depends on business requirements, cash flow and growth itself.  However, there comes a time when organic growth of technology starts to get in the way of business requirements, and cause the business to become inefficient and stagnant. The service level agreement for our managed services has a number of stipulations, two of the most important being use of the most up-to-date operating systems for the servers and computers (desktops and laptops), including applications like Office.  Some clients baulk at the expense, but almost all of them eventually agree to implement our recommendations.  At this client's office, the discussion had turned to the organisation's software—specifically, the large number of computers and servers equipped with Windows XP, Office 2000 and Server 2003.   It was no wonder the software was obsolete—some of their desktops were six years old. Although our requirements are not written in stone, there are certain minimum standards that we must insist on. One of them is putting a plan in place for upgrading hardware, operating systems and applications that are well past their use-by date.  Our policy is to work with what our client has, with the object that by becoming their trusted adviser, we can persuade them to invest in the right hardware, software and applications.   A client may hesitate to implement costly improvements, but as we build trust, we can influence their decision-making for the better. This organisation was different.  It was the first time that I came up against a flat "NO.”   This management team's viewpoint was:  “We are not upgrading hardware, we are not upgrading software, it is working fine as it is and we do not need to change.”  We rolled out the productivity numbers, the ROI numbers, the security numbers, all to no avail.  We said thanks, could see no way forward and moved on.  They never became a client. As I said, we understand organic growth, but as an MSP we also understand business requirements.   The productivity of your business infrastructure is what you use to create revenue and, in the end, build profit.  If that infrastructure is slow, badly maintained and ancient, then the results for the business are going to follow suit.  Bill Gates wrote a book arguing that companies can get an edge on the competition by doing “business at the speed of thought.”  It is very true—the faster you can put information into a system, the faster you will get results from that system, and the faster you will see a ROI for every aspect of the business. And what about the company who declined to follow our recommendations?  Three months later the CEO rang me and said that they had been hacked and that it was my fault.  I nearly hung up on him, but that would be rude, so I asked how it could be my fault.  He launched into a tirade about how we had sabotaged his business and how we had had access to the system and broken it.  My only answer was:  “You need to look closer to home rather than blaming everyone and anyone else.” If that one business suffered the consequences of out-of-date software, there must be many others whom I haven't had the bad luck to encounter.  Don't let your business be one of them.

Read more
Why Penetration Test is a Must for Your Cyber Security

Due to the fast growing world of the Internet and technologies, hackers find new tactics and improve their skills as well. So your cyber security should be one of the most important aspects of your business operations. Penetration testing is a considerably new tool in the cyber security world, letting you hack onto your own system to evaluate both its strengths and weaknesses, which will help you identify where your IT security lacks and how to improve that. Penetration test is a very powerful method to see what might be wrong with your cyber security and will help you understand if your system needs improvement or not. So you should definitely include it in your cyber security strategy. Cyber security is a critical issue for many businesses, and penetration testing is a new tool in the cyber security arsenal. Penetration testing also known as the pen test is a simulated or ethical, deliberate attempt to hack your systems. Here are a few reasons why penetration testing should a be part of your cyber security strategy. 1. Proves your defense work Intrusion detection systems are supposed to recognise when someone has hacked a network. Only penetration testing will prove that the intrusion detection system is actually working. Penetration testing allows you to know once and for all if your multiple levels of firewalls work. It determines whether or not the access control levels you’ve set up to limit access to files and software controls you put in place prevent someone from accessing data that they shouldn’t have. The penetration tests will test both hardware and software exploits. 2. A measure of how well the secondary defense work In the ideal scenario, the penetration test fails to get into the network. However, the Internet and corporate intranet have to balance access with openness, and this leaves holes that could be exploited. The odds are that at least one hole will be found, and the intruder will get in. A penetration test lets you see how well these secondary defenses and protections work. Furthermore, the penetration test lets you see how well other IT policies, protective measures and secondary IT security measures work. If the hacker is able to get into the smart router but not past the built-in firewall, or they can see file directories but not access files, they don’t actually learn much. Work with the experts to verify that your IT systems are as strong as they need to be. Working with a firm like Stickman would be recommended in this case because of their industry certifications and extensive experience. You can find out more about their products and services. 3. A test of the human factor A common cause of system weaknesses is poorly implemented IT security policies being slow to patch known exploits and bad software updates. If your IT department fails to verify one patch that doesn’t create a hole somewhere else, they don’t know about the issue – but the penetration test will find it. Or you may have someone creating holes in the firewall for their own use, albeit on someone’s directive to improve efficiency and speed, creating a backdoor that hackers could use when they find it. They assume no one would find it, but if it is found in a penetration testing, it could be found by hackers. If penetration testing finds these security holes, your organisation needs to determine how to solve the root cause. Whether it is better to train your staff on how to access data correctly and recognise phishing attacks, or provide more time and money for installing and thoroughly testing software upgrades, you now know what you need to do to improve your IT security overall. Penetration testing ideally lets you know that all of your security measures are working. Penetration testing is also essential for identifying the internal flaws and correcting them before they’re exploited.

Read more
Why Small Business IT often stagnates (and how to avoid it)

Most business owners wear many hats as the expert in all things business: marketing, sales, client relations, financial management and IT to name just a few areas. IT plays a vital role in the success of small businesses, providing benefits including increased efficiencies and productivity, and more recently connectivity and mobility. Yet many operators tend to put technology investment on the back burner until their computer, printer or other gadget breaks down.  While there are several barriers that deter IT investment in a business, there are several reasons to bring it to the forefront. Getting the right technology, both hardware and software, and learning to make the most of it to maximise your and your team’s effectiveness can do wonders for your small business. ‘I’m not technologically savvy’The perceived lack of knowledge about, or time to spend researching, IT matters is likely to be one of the top mental hurdles for small business operators. The first step is always to understand your own needs – what are you trying to achieve? Then focus on the business benefits that can result from addressing your needs, and determine the technology required to gain those benefits. It’s not as daunting when you do a bit of research (try business technology websites and forums), and seek advice from IT consultants, financial advisors and your peers to help make more informed business decisions. You can also have peace of mind by going with established, profitable and trusted technology providers, especially those that offer training services, helpful resources and 24/7 support.  In essence, selecting hardware and software should be based on: application and use size of business with consideration for growth plans customer and staff needs and preferences infrastructure already in place longevity budget, and return on investment of time and dollars spent installing it in the business. ‘It’s too expensive’ This is a common reason for avoiding IT outlay especially if you don’t have a large amount of cash in reserve, but costs don’t have to be prohibitive. The $6,500 small business instant tax write-off for new assets can assist in the investment of equipment that improves business productivity, team satisfaction and cash flow. More small businesses are streamlining day to day operations by moving aspects such as their accounting software, email, office applications and file storage to the cloud, as many cloud-based IT solutions avoid the need to spend money upfront but bring immediate benefit. They also reduce the number of IT issues you need to deal with in-house. There’s plenty of free online applications and social networking tools to help your business operate and grow too, such as LinkedIn, Twitter, Facebook, community forums, blogs and more. 'If it isn’t broken, then why fix it?’ It’s a typical notion that delaying the replacement of older IT equipment = a prudent cost-saving strategy. However, in the long run, the rising cost to support aging equipment will begin to surpass any savings made by delaying the purchase of a replacement—and could even cost your business more money. Upgrading to the latest hardware or software will provide an efficiency boost, either through better (faster) hardware or through enhanced software that provides additional functionality. Here’s an example: most reputable online accounting solutions such as MYOB LiveAccounts and AccountRight Live securely feed your business bank transactions directly into your data file, saving you hours in manual data entry and saving your accountant time spent fixing mistakes. ‘So, about this cloud computing…is it safe?’The security of data is often quoted as a barrier to cloud adoption amongst business, and the reality is that the threat to data is real and there are attempts by nefarious parties to access data stored in the cloud. We have all read stories about online banking hacking attempts and the like. However, professional cloud providers employ high levels of both physical and electronic security to protect their clients’ data. When considering a cloud solution, it is important to check the provider’s security policies and procedures are robust. This includes physical security of the server facility with 24 hour a day, 365 days a year video surveillance, strict personnel access control, firewalls, anti-virus protection, spam filters, disaster recovery and independent auditing and testing. Despite this, many small business operators choose to remain with their existing IT set up because they perceive it to be easier or safer or they feel they’re not informed enough to make the right decision. Isn’t it time to take advantage of what better technology can offer for your business, so you can spend less time on admin and more time on doing what you do best… whether that’s at work or at play?

Read more
Why your business still doesn’t have a managed service provider—but it should

Managed services have been available in Australia for some time, but this service has been slow to catch on.  There are three main reasons this form of service isn’t as successful as it should be. 1. Bad marketing To most small and medium business and not for profit organisations, the ICT component of their business may as well be written in Swahili.   Getting the computers to talk to the printer (correctly—without translating everything into Wingdings) takes skill and persistence, but in most cases the task falls to people who have limited knowledge.   It becomes someone’s job by default because they have a little more knowledge than anyone else in the organisation.  In the land of the blind, the one-eyed man is king.   Managers think this is a great solution—after all, it’s cheaper than hiring a top-of-the-line IT expert. In fact, a simple solution delivered by someone who knows what they are doing is normally cheaper and quicker than an on-site IT person, and more effective than handing over the task to a non-expert.  It ensures that your IT problems get fixed right the first time, while freeing up your employees to do their actual jobs.  So why doesn’t business understand this?  Most managed service providers are selling managed services as a way to monitor and manage your business infrastructure.   They are very remiss in of explaining the total package to their clients.   The thing that most organisations do not understand is that there is substantial savings in a managed services contract with a reputable provider. Of course, some of the managed care services really are too expensive.  Sometimes a managed services agreement contains hidden gotcha's— if you want a regular on-site visit, well, that’s extra.   You want more reporting?  That will cost a little extra, too.   This is not the way to go.   All on-site and offsite technical support, reporting, meetings and discussions should be a part of the original negotiations, and a flat monthly fee should be agreed on.   This benefits both parties.   I know, as an MSP, how much money I will have coming in and what resources I need to put in place to support your business; you know what to expect on your bill.  Offering full service with no gotcha’s is the best way to attract customers to managed services. 2. Bad service A bad managed care service relies too much on technology.  Okay, so you can’t have IT without technology, but you also can’t have a good IT service without…service.  Too often the touchy-feely part of computer support is missing We have been to businesses who have signed on for a service level agreement with another MSP and have never had a technician on site within 24 months.  That’s bad.  A managed services agreement should mean that you can talk to someone about any technical problem as soon as it happens—in real time, and in person if necessary.   We’ve all seen how a little problem (the printers aren’t working; the server is down) can balloon into a full-blown episode because there is no one there to help.  A voice at the end of the phone is no match for a technician on-site on a regular basis.   But putting out fires isn’t the only task for an IT service.  Beyond having a regular technician there, there’s also a need a business conversation concerning technology and its changing role within a company.  Is your security adequate?  Do salespeople on the road have the devices they need to be productive?  Should you switch to cloud storage, and if so, how much do you need?  Small businesses need expert advice on these topics.  This is an altogether different level of discussion than the one you have with your base technician.   That’s why a virtual CIO or IT manager should be available.   3. The chance of getting shafted For every good MSP, there are 10 bad ones.   Outsourcing your IT is only a good idea if you trust the people you’re hiring—after all, you’re putting your safety and productivity in their hands.    This can put a large amount of pressure on the business.   Questions like "are we getting the best support, do they know what they are doing,  have they got the right qualifications?” are can nag at an SME with an outsourced ICT component.   All too often, a business would rather stick with getting IT advice from tech magazines and letting Jan from accounting fix the printers.  They’re not getting top-quality service, but they’re also not risking complete disaster—or so they think. Again, this is the wrong mindset.  Picking a good MSP takes an initial investment of time and effort to do the research and read the fine print.  But once that’s done, it saves exponentially more time, freeing up employees to do their jobs and preventing productive hours from getting wasted on what should be minor IT annoyances. Businesses should seek out top quality MSPs—those that provide personalized, full service with no hidden fees.  If customers get savvy, this will encourage MSPs to offer and advertise great service.  The good companies will rise to the top, and the bad ones will clean up their acts or wither away.  Once this starts to happen, more SME’s will realize that they can’t afford not to hire an MSP.

Read more
Wordpress popularity doesn't assure you of a strong CMS platform

Irrespective of whether you are a small or large business owner using Wordpress as your web CMS platform or even if you are a web developer using Wordpress for delivering web solutions, you should all pay close attention to the serious flaws in this platform (see our infographic). Sure no platform is perfect and we will always find someone who will scream loud enough that their solution is the best but this article does provide some not well publicised viewpoint from different sources about the weaknesses in Wordpress that should give you serious concern. Why has Wordpress become so popular? Quite simply Wordpress is relatively easy to use - in fact anyone can set up a Wordpress website very quickly. To build a web solution requires the inclusion of plugins to deliver that functionality you need. These are generally available for free as, like Wordpress itself, they are open source and readily available. The very things that make Wordpress so appealing are the root of its weaknesses - being an open source platform means it is difficult to ensure quality control over the plugins developed, constant updates to cover system weaknesses to Wordpress lead to incompatibility issues with many plugins and the fact that it is open source leaves its code and that of its plugins vulnerable to security breaches. Wordpress was developed as a blogging platform. Someone then decided that by adding plugins they could expand on the base features of a blog to incorporate what businesses really needed from web solutions. Everything beyond being a blog platform is essentially an add-on patch to deliver broader functionality.   Documented Weaknesses in Wordpress Working with Wordpress entails installation version updates, security patches, plugin compatibility, secure passwords, and a host of other maintenance requirements. Elizabeth Maness of Social Media Today, has listed listed tips for Wordpress security and mentions a list of security plugins you can use to help you overcome these weaknesses. The problem of course is that we are seing plugins to fix the plugins. in our books, this does not make a lot of sense. Picking up from a Slashdot story on Wordpress vulnerability, according to Checkmark’s Research Lab, more than 20% of the 50 most popular, independently developed plugins are vulnerable to common web attacks. Further, 7 out of 10 e-commerce plugins are also vulnerable. Megan Totka of writes that there are at least 6 million things that can go wrong with Wordpress. Now we can't vouch for the accuracy of this list and would suggest that no one will ever prove the claim to be correct however, even if this is a list of just 60,000 - just 1/10th of what is claimed, this is still an alarming figure. Sufyan Bin Uzayr of WPMU actually takes the pain to list out Nine Most common problems associated with Wordpress, along with solutions to each of them. Wordpress is a CMS, built for Blogging It can be argued that blogging can be a business however this cannot be extended to claim that your business is a blog. There is no doubt that your business' website should certainly include a blog for your content marketing efforts as this is the easiest way to create new and fresh content in your website and is very easy to distribute across the internet. Of course we need to understand that running your business website isn’t the same as running a blog. Remember, Wordpress was created as a blogging platform and to suggest that it is a CMS is a stretch of the truth in that it was developed for article content only. A full blown CMS does a lot more than this. With the advent of plugins utilising the Wordpress platform, one could argue that Wordpress is now a CMS but it was not built for that originally. Thanks to the versatility of Wordpress itself, the original platform has been extended using themes, coding, and a variety of plugins to work as a front for small business websites. That’s where the functionality ends and troubles begin. It makes sense for small businesses owners to have an easy to install website which is a breeze to run. Wordpress certainly allows for that. What Wordpress cannot do, however, is present a stable core for you to run your business on. Updating Wordpress versions, managing plugin incompatibility, dealing with hacks, and living with other Wordpress-related problems are all website owner’s responsibility (and a major time suck). If you have no technical skills or lack the time to deep dive into Wordpress problems, it calls for paying an hourly fee for temporary Wordpress experts. Separate needs, separate systems You might use Wordpress as the core platform your website to live on. You will however be reuired to make use of other tools to complete your web solution - you’ll need Google Analytics for metrics, an email marketing solution such as MailChimp or iContact to help you manage your subscribers and email campaigns, standalone e-commerce plugins such as WooCommerce to allow for transactions on your website, and using a CRM such as to keep track of business. Then you will be looking for some accounting software such as to manage cash flow and keep track of finances. The need for systems to run your business apparently never ends. What you end up with is a collection of tools that are loosely joined together through Wordpress and with some smoke and mirrors it appears you have a real business solution. In reality of course what we have is a platform with well documented flaws, security weaknesses and vulnerabilities. Solutions are not cohesively designed from the ground up but instead, developers choose  a mish-mash of plugins they hope will do the job and continue to do so. There is little accountability from many of the plugin developers  and businesses relying on these have no idea of their exposure. Yes, there are some good solid web solutions delivered on the Wordpress platform and some excellent plugins but these solutions are held together because the efforts of the developers and those responsible for maintaining these systems. This is not straight forwad, not for everyone and does incur overhead costs.

Read more
You need an app right this minute!

It's now unavoidable. If you are an owner of an SME, an entrepreneur, or simply have aspirations that run in those directions, you're going to have to make yourself an app. It's not just the domain of the tech-savvy and the teens, it's the future of businesses everywhere. If you provide any kind of service - and you probably do, regardless of what your firm offers to the market - you can offer your customers unparalleled interaction and convenience. You can also track their usage and see how well you're really being received. Your customers can arrange their own appointments/requests, or whatever is pertinent to your business. An app needs it own kind of marketing of course, there are already endless options out there so it should be an addition to your business, rather than something you rely on to quickly fix up your image.   Design it right When you do create an app (and you should), or hire someone to do so, pay attention to what else is out there and test-drive before you launch. You want to make sure it works the way it should, lest it become a nuisance to your customers. An app doesn't have to be some gaudy experience where you're constantly distracted by ads you have no interest in. Look to new start-ups that are bringing some real quality and substance to apps for some inspiration. There is Leakserv out of the Netherlands for instance. They have created an app with a great social cause behind it, demonstrating the wide applicability of the technology. There is also Australian Car-Next-Door, a user-friendly app that is quickly rising to the top of the peer-to-peer car sharing market in Australia after securing some significant funding. A good app has to be tailored to the user, and to manage that you have to know your customer. It's not that different from any other form of interaction with your target market; you have to know what they want and what they expect from you.   No empty chairs For any smaller business it's vital that you not only keep your customers, but that you're at capacity whenever possible. An app is a great way to update information in real time to accommodate customers that are pressed for time and offer last-minute deals to encourage people to fill up any "empty seats" you might have. Or simply use it to engage with people. It's a platform to be innovative; take on board what you are learning from your customers and apply it as you evolve your business.   An online presence no longer equates to a website You really cannot run a business without a website anymore, or at the very least some form of web presence, i.e social media. However, an app has the added bonus of being potentially interactive in a quick and convenient way that a website will struggle to do. The StartUp WA report, released some days ago, shows that the number of startups investing in mobile technology is exceedingly high, and by percentage rate is much higher than any other type of technology. So there is really no denying that this is where the future is heading, and there is a good chance you will get left behind if you don't get onboard.

Read more