Your data retention and customer information are the lifeblood of your business – there’s no denying data’s importance, especially in day-to-day operations. Today, organizations across all industries are tasked to protect this vital info, retain it, and provides access at all hours. Yet, all we’ve seen was a lack of the appropriate archiving and retention policies upon initial inspection.
Building Data Retention
As your MSP, it’s our job to be your strategic advisor and help them understand exactly what their retention requirements are for various business needs. By looking to clean up your IT environment and implement retention policies for more secure, and accessible data you can gain an edge on the pitfalls of errors and mistakes.
By establishing data retention policies, here are some key points you should consider. Keeping in mind, that not all data is created equal—the first step in establishing appropriate retention policies, which data needs to be archived, and for how long.
Step 1: Classifying
Strike a balance between what’s optimal for your business needs vs. cost-effectiveness, by asking some of these questions before classifying or deleting data.
– Is this info critical for the customers’ business operations?
– Would your data be classified as a permanent document of any kind?
– Is your data considered proprietary intellectual property?
– Does your data reflect the current, legitimate and useful information or needs?
Data that fits none of these criteria may be suitable for deletion – although most data is generally retained for at least a twelve-month period, with a very small percentage needing to be retained after that period for legal holds. Assess value and risk before deleting anything and consider cost and storage requirements when choosing to keep anything else. There should be no arbitrary or ambiguous data—everything must be accounted for.
Step 2: Compliance
There is a hierarchy to follow when determining which data must be stored. Ensure data retention policies align with any of the following compliance or regulatory restrictions:
Whether it’s HIPAA, FINRA, PCI, or other regulatory concerns, know your verticals, and know the law. What data must be kept (and for how long) can vary significantly from one industry to the next.
Retain all data that could be subject to legal discovery or would be needed in legal action should it arise.
Pro Tip: If you need a long-term storage solution for less time-critical data, you can leverage our series of cost-effective data retention and BDR solutions.
Step 3: Deletion
Once your identified data no longer serves any useful purpose, there’s more to do than simply emptying your desktops recycle bin. Set expiration dates for all data when establishing retention policies unless it’s designated to be retained in perpetuity. It should be noted, that when data has exceeded the retention limits, it should be deleted immediately.
Finally, data that is retained must be data that is accessible. Choose a fast and searchable archival method to access data and determine what frequently-used data (if any) should be kept “live” outside of archival applications.
For anyone unsure of their backup and disaster recovery technology, and its configuration, we can help. With over 30 years of experience, with information technology, our trained IT consultants can get you started down the right path.
I’m sure many of you have heard of the age-old adage, “If you fail to plan, you plan to fail.” No business owner should see this as a surprise. Yet, when we chat with new clients and their peers, it seems like they were winging information technology(IT) until now.
Many local businesses are surviving on a day-to-day basis. Some even feel they barely have time to plan for what is going on this afternoon. Tomorrow will begin to seem overwhelming, and the recipe for disaster is born.
Here Are the Three Important Reasons Why You Should Take the Time to Plan for Tomorrow:
1. Your Business Depends on It: How many of us have thought about businesses growing in a healthy, reliable fashion when executing your sales efforts consistently. It’s critical that you and your team understands the full capabilities and metrics tied to your business efforts. By planning for your technology future, employees will begin to thrive, finances become more predictable, and the stress levels around technology drop. Your internal staff members aren’t left with trial and error. By preparing your information technology today, you can battle the fires of tomorrow.
2. Putting-Out Fires Isn’t Productive: Many local business owners become regularly stuck fighting information technology fires. That’s unfortunate because, in the larger scope of things, it feels like work is being accomplished, but no situation has been remedied. Your information technology partner should be working within your business, not on your business. This path of neglect is also one leading to high stress and minimum growth.
3. Life Happens: Employees can get sick, or decide to leave the business unexpectedly, even with proper planning, there’s absolutely no margin for error at this point. Sometimes, businesses are faced with opportunities, that demand immediate action, again delaying the time to think about what advantages, and needs your business now has for technology.
How Can WE Fix This?
As IT people and not miracle-workers, we can create a fully-encompassing management solution for your technology. Putting out the fire, of one of the largest problem with local companies today, aging technology. As a trusted IT partner in the Bay Area, we understand that there are many substitutes that come close to the care, and customer satisfaction provided by our staff.
If your business has been having technical issues, you owe it to yourself, and your work, to give an expert a call. To begin a no-cost conversation regarding your information technology, feel free to reach out to any of our friendly staff for further assistance.
Security awareness training is seen by many as something “nice to have,” while several SF Bay Area business owners have begun implementing our on-site training in a necessity to any business looking to protect their network and backups from encryption.
Your decision to adopt user-based education has been passed over year-after-year due to budget constraints or a lack of in-house experts to demystifying technology. Small to medium-sized businesses have suffered from these types of constraints for years when compared to larger, resource-heavy organizations.
Though it’s clear end-user education doesn’t have to be a need for many business owners, as recently as August 2017, a Better Business Bureau study uncovered almost half of SMBs with 50 employees and under, regard security awareness training among their top 3 most proactive IT expenditures, alongside, firewalls and endpoint protection.
This increase comes as no surprise, as the cybersecurity landscape has become more dynamic than ever. The average small to medium-sized business faces annual losses of over $80,000 when everything is said and done. Your staff is the front line to your business, and even the most advanced security stacks, have limitations. If you’re not educating end-users by now, you’re putting your organization into harm’s way.
Here are a few tips and trips for SMBs looking to get started with end-user training, or security awareness training:
Gather Company Buy-In
As with any new programs, starting at the ground level will ensure success. Start with building a culture of security. Yes, it might require multi-factor authentication, or additional hoops to jump through. Begin generating the “buy-in” from the surrounding management teams, sending out an email explaining the value of security awareness, phishing details, and the latest in security trends, and reports for your information technology(IT) team.
Starts with Phishing
In the current technology landscape, security awareness should begin with the MOST COMMON attack vector, email phishing campaigns. With thousands of interactive tools and designs built to mislead and steal your credentials, there is no shortage of examples, and videos showing the intricate workings. Begin with the basics, and go through the varying amounts of phishing threats. Your staff should be able to identify and mitigate any phishing attempts after your training concludes.
Share results with End Users
Use this feedback to inspire smarter habits among staff, identifying key objectives for security awareness training to engage in at a later point. Who knows, maybe you will uncover security gaps left behind by a past managed IT, provider. Raise the level of cyber awareness throughout your organization, sharing the latest encounters internally with your staff. Chances are these criminals are working more than one of you at work and this can help employees understand the impact of poor online habits and motivate them to practice better behaviors.
Continuous Training: Set up your phishing and training program
Once your users are engaged and understand the value, the next step is setting up a training program for new employees. There is no one-size-fits-all program, but we recommend running at least one training courses per year. Depending on the needs of each organization, presentations can be tailored to highlight industry-specific security.
As the business scales, you will want to scale the frequency and adjust intervals throughout the year. Our Security Awareness Training includes real-world phishing scenarios that have been defanged from the wild.
When you start seeing the impact that proven security awareness training has on your employees, you’ll wonder how your business ever managed without it. Contact us to schedule your no-cost, no-obligation security awareness training for your organization.
Planning and disaster recovery, more importantly, budgeting, is one of those tasks few business continuity managers look forward to completing every year. After all, it can become a pretty involved, and complicated processes for anyone, often seen as sobering to tally-up the final bill. Love-it or hate-it, devising a business disaster recovery (BDR) budget is a necessary evil which nobody can avoid. On the bright side, there are some simple steps you can take to ensure you spend wisely on a disaster recovery budget.
Rally the Troops
Call in the troops with a rallying cry for disaster recovery to protect the entire organization. By design, planning and budgeting should involve the CEO, or top-level management, and department leaders across the company — not only IT. Key members from varying departments like sales and customer service can drive budgeting needs by contributing valuable insights on how systems and resources are used, performing, and the maintenance needed. Business owners and CIOs can see what the plan entails, and decide how to best execute the proposed strategies while staying within the budget.
Know What’s Important
After you’ve rallied the troops and the advocates, your next step would be to focus the bulk of your disaster recovery planning efforts around your most precious asset. For most, business begins and ends with data. Data can be perceived as analytical, or informational bits and bytes that make up the information that runs your business.
Commonly, these budgets should be structured in a way, to cover vital company information from various angles. An example of this can be found at some level of most businesses. The entire organization uses a firewall(s), to ward off network attacks at the perimeter level. Anti-virus and end-point protection halt threats on production servers or prevent data encryption. Although the equipment varies from one company to another, but eventually technology breaks. Having an on-site, and an off-site backup plan will ensure that your business line data can be recovered fully, and reliably.
Business Risk Weigh-out
Now it’s time to hone in on actual disastrous scenarios. This is when your staff can assist in identifying the biggest threats to your business. Begin to engineer strategies to minimize the exposure and risks to data. Your hardware and data’s physical location is always a factor, but most organizations should thoroughly plan for both natural and accidental disasters. Although you might have prepared a comeback from fire or flood, have you given thought to disgruntled employees? What about cybercriminals, and hacking?
From here, we can begin working on a budget that properly reflects, the tools and resources needed to put your strategy in place. Our managed service partners have the freedom to budget in anything from training internal-staff in advanced cybersecurity measures to our network monitoring process. Your budget must cover the workforce needed to spring into action during these disaster recovery scenarios.
Prioritize Your Assets
One of the biggest mistakes you can make in disaster recovery planning is treating each system and process as equals. Why? Because it often leads to employing “grade-A” protection across your infrastructure. Not quite sure where your resources rank in the pecking order? Well, this is where a detailed business impact analysis (BIA) comes in handy. A BIA will identify each resource in your environment. It will also help drive your budgeting efforts based on their order of importance.
Fund Your Budget Wisely
Smart budgeting is about setting your limits and staying within those very boundaries. Your ability to stay within that safe zone will largely depend on your organizational structure, but some companies are already allocating a sizable portion of their budget towards disaster recovery services. Typically, we see those that operate disaster recovery as its own separate line-item, taking a more targeted approach for every department.
Unfortunately, things don’t always go according to plan. Failed backups or lapses in communication, these roadblocks can lead to stumbling over the hurdles to recovery. Your disaster recovery can be seen as an ongoing process, without a time constraint, you can periodically test your solutions along the way.
If your company is struggling to get over any of the hurdles on the road to successful disaster recovery, contact us to begin a no-cost, no-obligation conversation with one of our friendly staff members.
According to the data, there were a total of 3 natural disasters in the state of California in 2018, resulting in $180.8 billion in insured losses. That’s up from the $23.8 billion last calculated in 2016. With a bad wildfire season just around the corner for the Bay Area, we’ve already seen an active Winter, with mudslides, and flooding through-out, followed by that sweltering California heat.
Despite their frequency, natural catastrophes aren’t the only disasters you and your customers have to worry about. The rest is attributed to instances such as data corruption, system failure, and human error. In fact, hardware failure is responsible for half the downtime that small to midsize businesses experience.
When Risk Management Meets Disaster Recovery
Unfortunately, ideal scenarios and real-world scenarios are two different things. While it sounds good in theory, trying to protect against every possible catastrophe is cost prohibitive and therefore impractical for most businesses. Helping develop a Risk Management and Disaster Recovery Plan for the most likely “disastrous events.”
Risk Management Plans assist in spending wisely, by budgeting for disaster scenarios that pose the biggest threat to the business. For instance, if a data center is located in Southern California, then earthquakes are a legitimate concern. On the other hand, if you’re in the Northeast–then snow storms are something you should plan for during the winter months.
Whether your risk management efforts uncover one type of event or another, there are certain disasters every organization should plan for. Educating employees on the importance of security, data backup, and consistent testing being cornerstones of any disaster recovery plan.
When onboarding our managed services clients, we remind them that solidifying a commitment to security can help prevent disasters, while a best-in-class backup and recovery plan is essential when disaster does strike. Periodically test procedures within your organization to make sure staff as prepared and data can be recovered–because just a plan itself, is all but useless.
You never know when disaster will strike or in what form. What you can do is anticipate the biggest risks for customers and help them prepare for the worst. At the end of the day, disaster preparedness is the key to risk management.
Have a question regarding your organization’s disaster recovery plan, or any risk management surrounding your business? Contact us – for a no cost, no obligation conversation, with one of our friendly staff members.
Dreading your company’s technology review because you can’t show how your technology is performing? Have a provider suffering from a lack of ideas on how to truly accelerate technology? You’re not alone – these are common symptoms for Bay Area businesses having selected the wrong managed IT service solution.
Who could blame you? The marketplace is crowded with vendors and tools that promise to deliver exactly what you need. Even the “do-it-yourself” path, with homegrown systems or spreadsheets, can seem like you’re moving in the right direction.
Sooner or later, you will sense “something is wrong,” but you can’t quite put your finger on what exactly. If that’s you or could become you, check out these 10 warning signs that your company needs to make a change:
8 Warning Signs You’re Using the Wrong IT Service Solution:
1) Lacking a consolidated point-of-service for all technology related matters
2) Tired of burning service hours on re-active support instead of proactive thinking?
3) Bouncing between different relationship and account managers within your IT support’s organization?
4) Weeks have passed without any word from your account manager or that IT Guy you hired
5) There’s no personalization – Your IT support never seems to know your network, let alone, your name
6) No one owns the roadmap for projects, unplanned work, updates, and changes
7) The “out-of-the-box” support solutions were over positioned, and don’t deliver
8) Your “good enough,” functionality isn’t good enough for your management team
Coming to the Realization That You Didn’t Make the Right Choice?
Make a change — your next quarter doesn’t need to be a repeat of this quarter. The bottom-line is that executives need to know technology is being supported by scalable trustworthy, technology partner. This includes building a check-list of “would-like-to-have” features, “must-have” features and “deal breakers.”
Reference your list closely as you vet future products and solutions. Finally, it’s smart to secure feedback from others in your industry or channel. Consider inviting potential solution providers to your site, to your team a solution demo.
There’s no doubt this process is rigorous. But, it’s what’s required to find the best IT support and service solution for your organization. Contact Us – for a no-cost, no-obligation, conversation regarding unlocking the true potential of your business network and managed IT service solution.
Managed Service Providers have always strived to deliver the most stringent options in endpoint security to their clients – but a solution that just detects threats ISN’T enough in today’s business ecosystem. To be truly effective, security platforms must also be designed for the modern requirements of the business. Accommodating the move towards a “digital transformation” includes cloud security solutions, and mobile device management(MDM), to deliver a swift, familiar response to these emerging technologies. This means avoiding overly complex implementations, or cumbersome management platforms and, in some cases can lead to errors that cause vulnerabilities instead of correcting them.
Here are 6 critical features to look for in your MSPs endpoint security solution:
1) Remote Access:
Many MSPs work on the go, logging into vital applications from multiple devices while on the go. Your endpoint security platform should provide the same kind of remote accessibility, to ensure administrators are able to detect and prevent threats from anywhere, at any time of day. Your solution should be cloud-based and delivers complete functionality from mobile devices to respond quickly to sudden threats. In most cases, cybercriminals don’t wait for business hours to strike.
2) Reliability in Protection:
When evaluating an MSP’s security platform review the industries perception of its performance in threat-detection and migration. Compare, and contrast, vendor performance and industry ratings for threat detection and mitigation and too many false-positives. Not only are they unlikely to provide adequate protection, but they create more work for internal teams. It should be noted, enterprise-grade solutions, offer granular controls and permissions.
3) Advanced Threat Protection:
Malware changes constantly, as one threat is being handled, several more will appear. Be certain your MSP or internal team can sustainably manage the amount of work that goes into endpoint protection. Look for software that offers advanced threat mitigation tools like Barracuda, Windows Defender, or Webroot SecureAnywhere offer enterprise-class device controls, machine learning, malware behavior analysis and largely, threat intelligence clouds. Mission critical features should also include, intelligent anti-phishing and anti-spam defenses, (DNS, URL, and Packet) as well as browser and application, exploit defenses.
4) Ease of Installation:
With a dynamic security landscape, endpoint protection can’t afford a large implementation process with steep learning curves, and assumptions being made. What business owners want, is a turn-key solution without hassle. Simplifying migrations from legacy server-based solutions to a more robust hosted solution. This provides teams the flexibility to set policies and rules, to complete tasks in the matter of a few clicks.
5) Comprehensive Reporting:
Your MSP needs as much information as possible, about the environments they plan to protect – along with the ability to quickly, and effectively share information with clients, in an effort, to promote more secure computing. That is why in today’s technology landscape, reporting has become so crucial to many businesses, and being able to condense all that information into report provides actionable insights for business owners. The more granular the report breakdown, the more useful it can become.
6) Automated Updates:
What business has time to worry about whether their security platforms are up to date, and actively protecting endpoints? They need a more-simple ware to stay protect without manual intervention. By providing a modern security solution, there’s never a concern with missed patching or unknown threats – and attention can remain focused where it’s needed most: protecting employees and companies.
Overwhelmed & Not Sure Where to Start?
You’re not alone, Clare Computer Solutions has provided the SF Bay Area with the “peace of mind” business leaders seek for over 30 years. If you plan to get a grip on your security policies for 2018 and 2019 to mitigate the threats of vulnerabilities, ransomware, and hacking, contact us to get started.
Having a Managed IT Service Provider (MSP) in your IT mix can free-up internal staff for more strategic projects, like that app you always wanted, or those file-sharing tools your employees need. Establishing a strategic partnership with your IT vendor is essential to the relationship’s success. After 30 years in the IT Service realm, these are the biggest misconceptions, surrounding your current MSP, and internal teams.
“Bargain-Shop” Managed IT Service Provider
Organizations are continuing to turn towards MSPs to handle certain IT functions, as an extension of their internal teams. Although it appears most businesses see the value of augmenting a Managed Service Provider, many are looking for the “cheapest” option available.
This highlights the very reason an organization turns to a Managed IT Service Provider in the first place – for change. Cost-savings were always seen as benefits to Managed IT Services, but many have shifted their mindset, from finding the lowest price to hunting for the greatest value.
Look for MSPs that have experience in your industry, and speak less about technology. Across the board, you want a partner that can explain business outcomes, and how services can help shorten the roadmap to your goals, not pushing product. Managed Service Providers share business perspective, not technology pushed by vendors. The only way to avoid “deadbeat-IT” is by leveraging outside partners that carry proven track records with established clients.
Top Managed Service Providers Extend Proficiency and Reach
Your MSP usage doesn’t have to be confined to break-fix services related to hardware and its availability. Many CIOs are looking for MSPs that can deliver advanced services, like virtualization, converged-infrastructure or Security-as-a-Service.
With an increase in demand for services around network analytics, business intelligence, and application monitoring, your service provider should have an evolving offering. One that meets the demands of a dynamic technology landscape. It should be noted, a shift with some MSPs has begun, as we’ve seen several refuse the extension to support legacy infrastructure and outdated software.
Partners, NOT Replacements
While more and more companies are relying on outside help for IT needs, MSPs should complement your internal team, rather than replace it. Instead, this frees up existing assets to focus on core business functions, to better utilize company resources. Many of our clients have claimed it brought IT departments, “out-of-the-shadows” and allowed them to focus on core initiatives, a win-win for your IT staff.
Your MSP should provide you with strategy, documentation, repeatable process, access to their ticketing portal and friendly staff welcoming your calls. Company technology doesn’t have to keep you up at night.
Contact Us – to discover how Managed IT Services with Clare Computer Solutions can begin to benefit your business overnight.
Things move fast in business, but they move even faster in technology. Because of this, many business’ Information Technology (IT) infrastructures are poorly planned and can be fixed once a user can document technology. Technological tools are often deployed to address a specific problem, without consideration to the entire infrastructure. Decisions are made to address short-term issues with little or no regard to the company’s long-range plans.
When a company wants to plan for growth or improve its technology, it becomes increasingly more difficult to get a handle on the current situation, which makes strategic planning nearly impossible. You can’t find the finish line if you can’t find the starting line! Here are some suggestions:
Perform Regular IT Assessments
Ideally, every change or addition to your IT infrastructure would be properly documented immediately, but with the pace of technology and the advent of the “Bring Your Own Device” movement, this may not be practical. But once or twice a year, an assessment of the entire Technology infrastructure should be performed, this provides technology managers inside your company the ability to make better, more informed decisions than ever before.
Cycle-Out Unused/Obsolete Assets
Clutter grows on its own, whether in an attic or in an office. Apply the notion of “Spring Cleaning” to the business and at least once a year, get rid of computers and devices you don’t use or need. Aging or unused devices have grown to become the largest security threat, followed closely behind by remote desktop protocol. As technology begins to age, you will notice resources being pulled-away, incrementally, in as supportable life-span is nearing its end.
Documenting Your Infrastructure
When the time comes to implement a sweeping growth initiative, you will need an up-to-date, accurate and relevant view of your current infrastructure. This should consist of both asset lists (devices, computers, software licenses) and a network diagram.
When you document technology, you can manage your technology. But who’s got time to do all this stuff? Who have the skills to apply this level of organization?
Clare Computer Solutions have the tools and the experience to handle IT documentation quickly and efficiently if you’re tired of half-done network diagrams, that never seem to stay updated. We handle multiple networks, so we can apply this broad experience to provide expert advice on your company’s technology strategies. Contact us now to get started!