365 Technologies Blog

So, How Do You Make Money?

Tue, 07 Feb 2012 12:00:00 AM

I've loved business for as long as I can remember. Sure, I went through the Police Man / Fire Fighter / Astronaut phase in my early years, but ever since the 'what are you going to be when you grow up?' question started getting serious, I've wanted to work in business. It's exciting to me that someone can take an idea, apply expertise and resources, and build a company which has the potential to create jobs, generate a return for shareholders, and contribute to the economy. I often find myself trying to understand other businesses, and business models. One way I do this is by asking the question 'So, how do you make money?' The answer can reveal a lot about the value proposition to the customer. For this month's blog, I want to compare two models of technology support businesses: Traditional (Break/Fix) and Managed Services, look at how each model generates profits for the service provider, and the implications for you, the client. A traditional support provider charges for support on an hourly basis. Sometimes, there is the option to pre-purchase blocks of hours at a reduced rate, but the underlying logic is the same. A Managed Services provider (like 365) charges a fixed rate per month based on the size of a client's network (workstations and servers), then includes all support, proactive management, Anti-Virus, Anti-Spam, Backup, and technology consulting. At a very basic profit & loss level, the models look like this: There is one key difference I want to focus on: support hours. Under the traditional approach, support hours are a revenue driver. For a traditional service provider to grow their business and be more profitable, they need to increase a) the number of issues their client base is having; and b) the amount of technician time those issues take to fix. Under managed services, support hours are a variable expense. For a managed services provider to grow their business and be more profitable, they need to decrease the number of support hours required by their client base. How? By ensuring that client networks are stable, well-maintained, and reliable. We're admittedly biased, but we think a model that rewards network stability rather than network problems is a model that is better for our clients. So, how does your technology support provider make money? Are they profiting from your problems? Does their business model align with your technology goals?

2012 - Proving the Mayans Wrong

Mon, 09 Jan 2012 12:00:00 AM

It's early into the New Year, and you've no doubt already heard many mentions of the Mayan prediction that the world will end at the close of 2012. Whether you believe the prediction to be true, or that the Mayans simply ran out of room on the rock, there is something to be learned from this apocalyptic warning. Studies show us that most small businesses are not equipped to survive a major disruption to their business systems - which means they are at risk of an 'end of the world' event each and every day. In 2011, 365 met Winnipeg businesses who have experienced: - Complete site loss due to fire - Prolonged power outages - Server and data loss due to theft While the likelihood of these events is admittedly low, their impact can be catastrophic. In fact, many businesses don't recover. So, the question becomes where to start? Let's assume that your business already has a backup plan in place (if not, we can help) what extra steps are needed to develop a disaster recovery plan? Here are 3 suggestions: 1. Identify your Essential Business Data Ideally, businesses should be protecting all of their data. In practice, some data is more important than other. Identifying mission critical information, and protecting it, is an important part of any disaster recovery plan. For example, while some data may be backed up on a daily basis, a system that receives multiple updates throughout the day (such as an accounting application) may benefit from a real-time solution that sends updates to an offsite location several times daily. 2. Identify your Mission Critical Systems If your business system became unavailable due to a disruption or loss, what would be the first things you would need access to? Email communications? Financial System? Another critical business application? Where do these systems reside today? Are there contingency plans in place? How quickly could access be restored? 3. Know your Downtime Tolerance, Business Needs, and Budget There are many options available to businesses to protect their business systems. Generally speaking, the cost of these options increases with the level of protection. Your specific disaster recovery solution will depend on your business, its specific needs, your tolerance for downtime, and your budget – all things that need to be discussed before looking at solutions. As a starting point, take our 2 question disaster recovery quiz. While we fully expect the world to still be here a year from now, we hope you'll take advantage of the year ahead to protect your business from an 'end of the world' event. If you would like a consultation on starting your Disaster Recovery planning process, we would be happy to help.

IT Services as a Commodity

Wed, 07 Dec 2011 12:00:00 AM

"What's your hourly rate?" It's a question that we get asked frequently as we meet with business owners. We understand – people want to know what a service costs, and need that information to properly evaluate what is being offered. Used in conjunction with other evaluation criteria, price is an important thing to know. However, when price becomes the only factor in a purchase decision, we risk reducing the product or service being considered to a commodity. Commodities are homogenous, interchangeable goods or services – lacking differentiation. When making a commodity purchase decision, price IS the only criterion. For some companies, technology support has become a commodity. Their view of IT services sounds something like this: "Network support companies are all basically the same. I call when there's a problem, a technician comes out to fix it, and they charge me an hourly rate for their time." If this is true, then price really is the only thing to consider. However, we think there are some good reasons why IT services don't fit into this category. Here are 3 to consider: 1. Results vary This is the single biggest indicator that IT service is not a commodity. The results being achieved by businesses vary significantly. As we speak to businesses, we see a wide range of server health, data protection, and network uptime. Many businesses that we meet with tell us they're doing 'fine', when on closer inspection there are any number of 'ticking time bombs' with the potential to cause major business disruptions. 2. Changing isn't free Unlike commodities, which are interchangeable at a low cost or no cost, changing IT service providers isn't free. The cost of a new provider learning your network environment, re-training your users on how to get support, and undertaking the necessary security precautions are all costs incurred by you, the client. 3. Cost of failure is high IT service providers occupy a unique trust position with their clients. Not only are they tasked with keeping the company's key systems up and running, their administrative access gives them access to your most sensitive data. All networks support companies may 'look' the same, but selecting the wrong company to entrust with your business systems can have significant negative impacts for your business. So if price isn't the only consideration, what should companies be looking for in a technology management company? Our 5 questions to ask before the handshake is a great place to start! This is our final blog post for 2011. From the team at 365, we wish you and your family a Merry Christmas, with health and happiness for 2012. Thanks for reading!

IT is about Results!

Tue, 08 Nov 2011 12:00:00 AM

There is a new movie out right now called Moneyball, and starring Brad Pitt. It tells the true story of Billy Beane, the General Manager of the Oakland Athletics baseball team in 2002. Faced with the departure of some key players, and a low budget, Beane begins to challenge the prevailing wisdom around indicators of player performance. Instead, by applying rigorous statistical analysis (called Sabermetrics), he begins to uncover better indicators of a player's offensive success. Armed with these new metrics, Beane is able to find players undervalued in the market, and puts together a competitive team with a fraction of the money of his competitors. Is there a lesson here for your business, and your technology support? Absolutely. When we talk to companies working with a traditional, reactive support company, they often speak of their vendor's performance in terms of response time. While responsiveness is an important element of delivering technology support, it is not the best indicator of optimal technology management. Rather, we need to focus on metrics that are results-based. For us, this means 2 things: Uptime. Are we achieving a high level of system availability? Employee Productivity. Have we successfully removed technology management from internal employess and freed them up to focus on value-added work that drives business performance? It is impossible to achieve good results on these 2 metrics simply by being responsive in a reactive support role. Achieving high uptime levels, and ensuring improved employee productivity requires the application of a comprehensive approach to service delivery, and one that incorporates proactive network management. We recently gave some of our clients the opportunity to talk about the results they have seen working with 365 Technologies as their IT department. You can see what they had to say here: 365 Results "Our network is never down" "We're able to get back to the business of great design" "We have more time to focus on delivering excellence to our customers" How are your results? Are you focused on the right things, or is a different approach needed?

Lessons from Year 1

Wed, 05 Oct 2011 12:00:00 AM

365 Technologies has been active in the Winnipeg market for just over a year now. Next week, we'll take some time to thank our clients, partners, and friends at an appreciation night. It's funny – things never quite turn out exactly as you expect, and this past year has been full of learning opportunities as we set out to change how technology is managed for small and medium-sized (SME) businesses in Winnipeg. In the past 13 months we've spoken to hundreds of companies, and met face-to-face with over 100 decision makers. Here are 3 lessons that stand out from those conversations: Lesson 1: Poor technology performance is too easily accepted As we've taken the time to understand their respective businesses and the role that technology plays in supporting their growth, we've been surprised at what owners consider to be 'ok' when it comes to their IT. Slow computers, unprotected servers, uncertain backups, and cumbersome workarounds to name just a few. The reality is that there are few other areas in a business operation where this performance level would be accepted - not from employees, suppliers, or accounts. This doesn't have to be the case. Today, solutions that were once restricted to large enterprises are fully available to small and medium sized businesses. Cloud-based service delivery models allow companies to benefit from enterprise-class solutions under a monthly subscription, saving significant upfront hardware investments. Where hardware is required, manufacturers are increasingly offering solutions targeted to the SME market. Having a network that is robust, reliable, and budget-friendly is entirely possible. In the same way, companies have settled for less-than-ideal support from their IT service providers. Slow response times, erratic billing, and a reactive approach to technology management are widely accepted. We believe Winnipeg businesses can do better. Lesson 2: There's a LOT of data still at risk We've posted some of our data loss horror stories here previously. While the businesses we meet with unanimously understand how vital their business data is, we still encounter companies weekly whose data is unprotected, and who stand to experience significant business disruption if a data loss occurs. We believe that this is the single biggest issue facing small businesses, which is why we've talked about the business risks involved, and the need for building strong routines. Lesson 3: A different understanding of IT costs is needed It's never easy to convince people to look at something differently. When we talk to prospective clients about their IT costs, they inevitably refer to the bills they receive from their current break/fix service provider – and we are almost always more expensive. It is only when we start to look at the impact that technology has on employee productivity that a truer picture of IT costs comes to light. Downtime, productivity loss from slow systems, and use of internal staff are all elements that need to be considered when evaluating a company's support costs. It's been a great first year! If you're already a 365 client, thank you – we look forward to a continued partnership that supports your company in the pursuit of its goals. If you're not, we hope this blog continues to bring you valuable insights, and we welcome the opportunity to work with you.

A Return to Routine

Wed, 14 Sep 2011 12:00:00 AM

While January 1st marks the beginning of a new calendar year, it is always the beginning of September that has more of a 'new year' feel for me. The end of summer holidays, the start of the school year, the reappearance of flocks of geese – it's a return to routine, and I love it. As you settle back in, take some time to evaluate the current routines around your company's technology. Are there areas where routine has gotten off track? Are there new routines that should be put in place? Here are 4 good places to start: 1. Backups What is being backed up? Are all critical file stores being included? Has anything changed? When are backups happening? How often? When was the last backup restore test done? 2. Security Have you established routines around password management? Are you enforcing strong passwords? Do they expire regularly? 3. User Management Is there a documented process for setting up a new employee in your business systems? How is access granted / controlled? Is there a documented process for departing employees? How are your systems secured/protected against former employees? 4. Asset Replacement How are computer assets replaced? Is there a routine in place to review inventory and ensure oldest assets are replaced first? Finally, if you are using a service provider to support your business network, ask what routines underlie their service delivery. We rely heavily on routine to support our 365Care+ clients. Our most important routine is our monthly best practices visits. Our team has developed a comprehensive set of best practice checklists, covering important areas such as network security, infrastructure, and backup & disaster recovery. Once per month, a 365 Network Administrator is dispatched to each client site. Using a checklist, they look for areas where a client's network may be short of the ideal standard. From there, we identify potential risks to the client, and a plan for remediation. It takes our new clients a few visits to get used to seeing a technician on site when there's nothing wrong, but they soon learn to appreciate the importance of these proactive visits to ensure the ongoing stability and reliability in their business systems. It's a great time of year to start fresh, to improve, and to do something new. Investing some time in evaluating your current technology support practices can reap significant benefits for the year ahead.

Before the Handshake (5 questions you MUST ask any prospective technology vendor)

Thu, 04 Aug 2011 03:53:00 PM

The handshake. A simple gesture that can communicate so much: congratulations, gratitude, sportsmanship, and often, the completion of an agreement. It's the last one that I want to focus on. In the context of entering into a service agreement, the handshake (as a figurative representation of a signed deal) marks an important transition for you, the customer. It is the threshold between a sales/evaluation phase, and an engagement/delivery phase. This is not a transition that should be taken lightly. Far too often, companies find that their experience after signing an agreement is different than the expectations they developed in the sales/evaluation period, creating a level of dissonance / buyer's remorse. Companies can safeguard themselves against some of these surprises by asking specific questions around the actions and processes that follow a signed agreement, before they enter into it. Here are 5 questions to ask any prospective technology vendor before closing the deal (and why you should ask them): Question 1: Is there a documented on-boarding / on-ramping process? Can you see it? Why ask? If the proposed service has any level of complexity, the vendor should have a documented process for implementations. In our area of expertise - managed IT services, adding a new client is a significant undertaking. Our on-boarding process moves through 6 distinct phases: Sales Handoff, Client Set-Up, Knowledge Transfer, Technical Data Gathering, Deployment & Documentation, and Communication & Training. On average, it takes our team 4 weeks to on-board a new 365Care+ client. If a vendor does not have a documented process for bringing new clients on board, it is often a good indicator that other aspects of their service delivery are not supported by process. Question 2: How is successful service delivery measured? What performance metrics are in place? How is the vendor's performance reported to you, the client? Why ask? A vendor that has established benchmarks for performance demonstrates a commitment to continuous improvement in their service delivery. Carefully consider how these benchmarks align with your own expectations. Conversely, the absence of key performance metrics should raise a red flag. How is success measured? What steps is the vendor taking to ensure consistent, high quality service? Question 3: What feedback mechanisms are in place? Why ask? The presence of a simple, visible mechanism for client feedback demonstrates a certain level of confidence on the part of the vendor. At 365, every one of our closed service tickets is followed by a 3 question survey. Every completed survey is reviewed, and any survey with a score below an acceptable threshold is followed up in person. It's why over 10% of our service tickets receive a completed survey. We want to know immediately if we've met our clients' expectations. Asking whether your prospective vendor has a feedback mechanism in place is also a great way to determine if your feedback will be taken seriously once the agreement is signed. Question 4: How are performance failures identified and handled? Why ask? No vendor will execute perfectly 100% of the time. How a prospective vendor identifies performance failures, and whether they have a process for handling them will tell you a lot about your potential client experience. Assuming there are benchmarks in place (see Question 2), what happens when performance target (response time / customer satisfaction / issue resolution) is missed? Is the onus on you, the client to report these problems? Finally, if performance issues go unresolved, how easy is it to terminate the relationship? Are you locked in? Are termination charges used as a means of holding you hostage? Question 5: What has been the experience of recently added clients (references)? Why ask? While it is fairly standard to ask a prospective vendor for references, the ones provided are usually hand-picked by the vendor, and are quite certain to provide positive comments about them. By asking to speak with recently acquired clients, you are asking for relevant feedback from other companies who have just been through the process of implementation/on-boarding that you are considering. How did it compare to their expectations? Were there any issues? Anything you should be aware of? By taking the time to ask these questions before the handshake, you greatly increase the chances that your experience afterwards will meet your expectations, and your new vendor agreement will begin delivering the end results your company desires.

We're on Facebook!

Tue, 12 Jul 2011 12:00:00 AM

Come 'Like' us!

Charting the Course (4 reasons why your business needs strategic technology planning)

Mon, 11 Jul 2011 12:00:00 AM

At 365, we have the opportunity to meet with many new and prospective clients. Something almost all of them have in common? Little to no sign of strategic technology planning. Instead, technology is managed on a reactive basis in response to immediate demands. Hardware is replaced as it breaks, and software is added as needed. In many cases, responsibility for managing these decisions is delegated to an office manager or administrator, removing executive involvement. As you can guess, this ad hoc approach has a number of draw backs: As the business grows, the technology infrastructure to support it is insufficient. Many companies make decisions on their technology 'in the moment', without considering how they will impact the business as it grows. For example, we encounter many companies that have grown to a size where a server now makes sense, only to discover the 'Home' versions of the operating systems on their computers don't support a client-server environment. The result is a costly upgrade of multiple operating systems, which could have been avoided if earlier purchase decisions had been made with growth in mind. Higher capital costs. Having a hardware replacement schedule ensures that you know when equipment is coming off warranty, and which servers/workstations are scheduled for replacement in a given year. This ensures that assets are replaced in a logical fashion, maximizes the return on your investment, and lowers overall capital spending on equipment. Further, being able to plan for the retirement of aging equipment improves uptime and productivity, as you can phase out old hardware before it actually dies. Technology budgeting is difficult / inaccurate. Without a plan, or technology roadmap, technology costs become unpredictable. Unforeseen technology breakdowns or new purchase requirements drive costs and create high variability from year to year. Unintended complexity and redundancy. Without a plan, technology decisions get made without consideration of the overall environment. The result can be a mish mash of systems which may overlap in functionality, or not properly integrate. The importance of technology planning - it's why every one of our 365Care+ outsourced technology support packages includes our myCIO (Chief Information Officer) service. Once per quarter, a 365 executive will meet with the key stakeholders in your organization to conduct a strategic technology review. In addition, our myCIOs are available for phone call and in-person meetings to advise on strategic technology decisions. If you would like more information on creating a strategic technology plan for your business, give us a call or send us a note – we'd love to help!

Where's the Beef? (A Lesson in Challenging Assumptions)

Mon, 06 Jun 2011 12:00:00 AM

On occasion, in a staff meeting or a consulting session with a client, I've been known to utter the phrase 'that sounds like a roast beef story'. Understandably, this gets me a few confused looks. The Roast Beef Story is an old tale about a young woman who has her boyfriend over for a roast beef dinner. When she serves him the meal, he savours the wonderful aroma but notices that the ends of the roast are cut off and asks why. Puzzled, the young woman replies she doesn't know the reason why, but it's the way her mother always cooked roast beef. So she calls her mother to find out why she cut the ends off the roast. Amazingly enough, her mother says she doesn't know either but that's the way her mother always did it. Now the mother proceeds to call the Grandmother who says that the reason she cut the ends off the roast beef was so it would fit in her small oven! Obviously, the need to cut the ends off the roast was long gone, yet two generations continued to do it without even knowing why. The moral of the story of course, is that just because you've always done something a certain way, doesn't mean it's the best way. Circumstances change, and processes should be regularly reviewed for efficiency and effectiveness. Challenging assumptions and using iterative techniques like the 5 Whys are great ways to determine underlying rationales, and generate discussion around process improvement. As a technology management company, we see our fair share of roast beef stories. We've visited more than one business where someone is responsible for faithfully changing the backup tapes every day, but the backup software hasn't been working for months! The most common roast beef story that we encounter is a reactive approach to technology management. Most businesses have settled into a routine of dealing with computer issues as they arise. They believe that if servers continue to run, and their support company responds when something breaks, that their technology is being managed (or they're 'fine'). The reality couldn't be farther from the truth. Businesses today, both big and small, are placing increasing pressure on their information systems. A proactive, managed approach to technology is absolutely essential for companies looking to mitigate security risks, decrease downtime and business interruptions, and maximize the return on their technology spending. So, where are the roast beef stories in your business? Do you take the time to review your business processes on an annual or semi-annual basis? Are people free to challenge the very assumptions that might drive the way your company operates? Finally, do you ever hear the response 'that's just the way we've always done it'? Next time you do, you can smile and say 'sounds like a roast beef story to me!'

The Importance of Early Detection

Thu, 05 May 2011 12:00:00 AM

Every now and then, something starts circulating through Facebook that grabs my attention. The most recent is a video called Dear 16-year-old me, produced by the David Cornfield Melanoma Fund. Watch it if you haven't, and pass it along. It's important stuff, and could save a life. The video's message is one that we hear repeatedly: Understand and reduce your risk factors Get checked regularly Early detection is critical So what does this have to do with your business? While the loss of your company's data is not a matter of physical life and death, it's serious, and in fact a significant number of organizations don't survive a major data loss. Even so, many of the companies that we meet with don't realize the seriousness of their situation. Here are 3 true stories from the last month (names withheld to protect the innocent): Computer theft: One of our employee's dentist had a break-in last week, and all of their computers were stolen. They had no backup – nothing. They don't know what appointments are booked, what receivables are owed, or who their customers are. They will spend countless hours trying to rebuild this information Private Data Exposed: I visited a health care practice earlier this week. When I asked how their billing system was being backed up, the Office Manager showed me the USB drives that she carries in her purse. I asked if the data on the drives was encrypted – it wasn't. Should that purse get stolen, or left behind in a ladies' room, every single client's personal data could be exposed, with potential legal ramifications for the practice. Database crash: The landscaper we used to do our front yard last year stopped by the house with a letter. Their client database had crashed, and they were visiting past clients in person to piece the information back together. Each of these stories could have been easily prevented, and there will undoubtedly be another batch this month. Our online backup solution starts at $5.95/month, and there are many more just like it. I don't believe that it's cost that keeps businesses from taking data backups seriously – rather, I believe it's a misunderstanding of risk and impact. Many businesses just don't believe that a data loss could happen to them. It's an unfortunate reality that most small businesses start evaluating their backups after a data loss. So, here's the business homework for this month: Ask someone who knows how you're backing up your critical business data (What / How Often / Where To) If you're taking backups offsite (and you should be), where does it go? Is it secure there? Is the data encrypted or password-protected? 2. Are you testing your backups? When was the last time you did? Early detection – in health, and in business systems, can be the difference between a minor inconvenience and something far more serious. If you need help, or would like to speak to someone about the tools available to protect the information you use to run your business, Give us a call or send us a note. We'd love to hear from you. For more information about cancer research and prevention, see CancerCare Manitoba. Remember that early detection is critical - see your doctor regularly.

Spring Cleaning for your Computer Network

Tue, 05 Apr 2011 12:00:00 AM

While I'm still hesitant to say so, it looks like spring is finally coming to Winnipeg, and with it, the annual ritual of spring cleaning. Washing baseboards, dusting vents, and cleaning light fixtures – all while shaking your head in amazement at the dust and dirt that can accumulate over a few months. While you're undertaking (or in my case, ignoring!) those spring cleaning tasks for your home, we'd like to remind you of a few items that should be performed semi-regularly on your company's computer network. Here are 3 items for your network's Spring Cleaning Checklist: 1. Conduct an Inventory Review of your Technology Assets Every company wants to maximize the return on their technology investments. One way to do this is to maintain an accurate inventory of hardware & software assets, and manage the replacement process carefully. A semi-annual review of your hardware and software inventory can help you ensure that: Older assets are replaced first; Opportunities to re-deploy hardware within the organization are identified ; Software is properly licensed and vendor supported; and A current list of assets, with serial numbers, is available for insurance claim purposes Some service providers (including 365) can assist you with this process. We have tools in place which allow us to capture a full inventory of our clients' computer assets and software licenses every 12 hours - and report these to you whenever you need! 2. TEST your Backup Restore Process Regardless of the method you use to protect your company's critical data, it is important that you have a tested and verified restore process. Unfortunately, many companies wait until they have a data loss to discover that their restore process does not work as expected. The complexity of your test will depend on the size and complexity of your backup. If you are unsure about when the last time your restore process was tested or how to undertake a test, ask your system administrator or service provider – and establish a schedule of regular restore testing. 3. Audit your User Accounts and Folder Permissions While shared folder access is an essential part of working in office teams, it can also create concerns around security and privacy. Changes in employees (new hires, terminations, promotions), as well as the movement of data around the organization can both result in security risks. Taking the time to conduct an audit of folder permissions and user accounts is good practice for managing the security of your network and data. Here are some items to consider in your review: Have inactive accounts been removed from the company's network? Is access to sensitive company data (financial records, employee information, etc.) restricted to only those users who require access? If employees have had a change of roles or responsibilities, have their folder permissions been updated to reflect these changes? Has any sensitive data been incorrectly saved to unsecure shared drive locations? In addition to a scheduled audit, establishing a change control process for folder permissions can ensure that access rights are properly maintained on a go-forward basis. Put these 3 items on your spring (and fall) checklists – or seek out a solution provider who can help you – and you're on your way to seeing better returns from your technology dollars, and less issues. If you need help, or would like to speak to us further about how we're working with Winnipeg companies to simplify their technology management give us a call or send us a note! We'd love to hear from you!

Save Time and Money by Putting an End to Spam

Thu, 03 Mar 2011 12:00:00 AM

Spam can comprise a significant % of your company's incoming Email messages. With its nonsense text and offensive advertisements, it is probably the single most cursed by-product of the Internet. It wastes the user's time, and by extension, it costs you money. Multiplied by the number of employees, the cost of lost productivity can be substantial. Spam carries a deadly payload of viruses and other infections that can cripple your computers, ruin your data, and spread rapidly through your network. A recent study (.pdf) indicates that despite knowing the risks of opening spam Emails, 46% of respondents still did so – putting their computers and the network at risk. Spam clogs your Email server so the real traffic doesn't get through and can hijack your server to relay more spam,landing you on a blacklist so you can't send legitimate Email. Lastly, Spam uses storage space on your company's Email server, resulting in unnecessary storage costs. Dealing with spam after/as it arrives is the wrong approach Most spam solutions try to deal with the problem Email messages as they arrive at the mail server. These solutions tie up valuable server resources that could be devoted to supporting value-added work instead. Anti-spam software, installed on your PC, provides some protection but it still ties up your computer resources and is time consuming to administer – defining filters, black lists, keywords, white lists, and so on. And you still have to check every message for false positives – legitimate messages that get caught in the anti-spam net. There IS a better way 365MailSafe (Powered by McAfee) receives and filters your Email in the cloud in two steps: We sequester known spam from known spammers, and reject it immediately - your users never even see it. We quarantine suspected spam and deliver it to your users in a daily Email summary. Quarantined messages reside on our proxy server, so users are free to open messages and attachments with no risk to your network. From there, they can release any legitimate messages to their Inbox. The benefits? Time dealing with spam is absolutely minimized. There is no hardware or software to install at your site, and none of your server resources are used to process spam Email. Most importantly, your employees have more time to focus on growing your business – which should be the goal of any technology solution. Is Spam an issue for your business? Would you like to be done with Spam for good? We can help. Give us a call or send a note – we'd be happy to help.

Disaster Recovery Planning, Simplified

Mon, 07 Feb 2011 12:00:00 AM

I'll be the first to admit that technology service providers have a habit of overcomplicating things. We'll talk about protocols, cloud computing, and desktop optimization – all while our listener gets that glazed-over look in their eyes. One area that can appear particularly daunting to business owners and managers is Disaster Recovery. Most of the companies that we meet with have some form of data backup in place (even if the quality of their backup systems vary widely) – yet recent studies indicate that the majority of small and medium-sized businesses have no disaster recovery plan. This, despite the fact that the businesses polled experienced an average of six network outages in 2010. In the interest of keeping things simple, and perhaps starting the conversation of disaster recovery planning in your business, here is a simple 2 question test. Keep reading, even (especially) if you're not able to answer: Question 1 If the systems that we use to operate our business became unavailable due to a serious server failure, it would take ______ hours to restore our systems to fully operational status. Question 2 If we were to suffer a complete site loss (flood/fire/natural disaster) which destroyed our servers, it would take _____ days to have our critical business systems back in operation. Alright, pencils down. So - how did you do? Were you able to answer both questions, or is there some uncertainty around your company's disaster readiness? If you were able to answer one or both questions, are you happy with your responses? If you weren't able to answer these questions, that's ok – you now have a starting point for looking at disaster recovery planning. Until you know what the impact of a server failure or site loss will be on your business (in time and money), you can't truly assess whether your risk level is acceptable. Start by asking your technology support company to discuss these 2 questions with you. From there, you can begin to discuss what courses of action could be taken to reduce the business impact of a disaster event, and the corresponding costs of their recommendations. If you were able to answer these questions, but feel that your risk is still too high – a similar approach is recommended. What timeframes WOULD be acceptable? What savings (in revenue and productivity) would this reduction represent for you? What are the corresponding costs to do so? Disaster readiness, as it pertains to business technology, is all about balancing acceptable risk levels with the costs of protective measures. Knowing what your current risk level is, and whether it's acceptable to you is the first step – and our little 2 question test has you well on your way! If you would like more information on how your company can develop a disaster recovery plan, or the solutions available to small and medium-sized business, give us a call, or send us a note - we'd love to hear from you!

Thoughts on Dental Floss and Documentation

Fri, 14 Jan 2011 12:00:00 AM

I have a confession. I hate flossing. I know I should do it, I'm aware of all the dental health benefits, but I can't bring myself to make it a habit. If there's a flossing equivalent in network management, it has to be documentation. And yet, it's one of the most important things that a company can do. Very few of the companies that we meet with have current network documentation. Even fewer have an understanding of the risks and costs that absent or out-dated documentation creates. Here are 5 reasons (among many) why network documentation is critical: 1. Business Continuity In an absence of documentation, the current IT solution provider, or Network Administrator becomes the sole information source with respect to how a company's network functions. The loss of that provider or employee then becomes a significantly disruptive event, as the company scrambles to maintain basic operations in the absence of this knowledge. Current, accurate network documentation protects companies against this risk, and ensures that there is continuity in their IT knowledge, despite potential resource interruptions. 2. Transitional Costs In the event that a company elects to change IT providers (or has a change in Network Administrators), the absence of network documentation adds incremental costs to the transition. The new service provider or employee must effectively start from scratch, learning and documenting the various elements of the network. Some companies understand these costs, and are reluctant to make a change – instead, continuing with a service provider who may not be driving full value from their technology investments. Good documentation allows companies to have flexibility in selecting a technology partner, and confidence that they can transition easily if their needs are not being met. 3. Security Companies without current, accurate documentation are more likely to have security risks present in their environment. External attacks target vulnerabilities in a network – open firewall ports, old (but active) user accounts, default account names & passwords. Without proper documentation, it is easy for these vulnerabilities to get overlooked and ignored. 4. Avoiding Unnecessary Complexity Nobody sets out to design a rats' nest of a network – so why do we see so many of them? While incremental changes to the network may seem reasonable or justified in isolation, the cumulative result can be a nightmare. Having proper documentation, identifying each piece of equipment's role, when it was implemented, and the rationale, can ensure that companies avoid unnecessary complexity as their network grows. From there, each decision to add to the network is made logically, with understanding of its impact on the overall infrastructure. 5. Identifying User Impact Without proper network documentation, it can be difficult to determine contingencies between the various network components. This dramatically increases the risk of unwanted user impact when making changes. Having a clear understanding of how the various elements work together can ensure that an administrator avoids unexpected disruptions to the business operation. What should be included in your network documentation? The folks at network-documentation.com have a fairly comprehensive checklist (PDF) that can serve as a starting point. Beyond this template, you should look to include any information that would be required to properly understand how the network has been designed, and considerations in its ongoing management. One last comment: documentation is a process, not a one-time event. Incorporating your network documentation as part of your change control processes, and ensuring that your documentation reflects the current reality of your network is essential. Cisco has written an excellent white paper (PDF) on processes which can be implemented to manage ongoing changes to your network. If you could use some help with your network documentation processes,Ask Us. We'd love to help. As for dental health? Well, you're on your own for that.

Lessons from WikiLeaks - 3 Network Security Practices Every Company Should Have in Place

Fri, 10 Dec 2010 12:00:00 AM

The exposure of thousands of classified documents by whistleblower website WikiLeaks has been dominating the news lately. While it's unlikely that your organization is trading military secrets, we believe there are lessons that companies of every size can take away from the WikiLeaks story. Here are 3 (low cost) security practices that every company should have in place: 1. Have an Acceptable Use & Non-Disclosure Policy for Employees We've written on this blog before that your company should have an Acceptable Use Policy - WikiLeaks reinforces the point. Today, the Pentagon banned the use of all removable media on their networks in an effort to prevent future data breaches. While such reactive measures are clearly warranted in this case, companies should give consideration such issues before they arise. Your policies should include clearly defined guidelines on items such as: The removal of company and/or client data from the work premises Remote access to corporate networks What information can / cannot be communicated via Email What information can be shared vs. what information is considered confidential Acceptable Use and Non-Disclosure agreements work to protect sensitive company information whiled setting clear expectations around appropriate use by employees. 2. Conduct Regular Reviews of Folder Permissions Companies should conduct a regular review of folder permissions on shared network drives to ensure that access rights are current and correct. As files get added, it is easy for sensitive information to get saved to unsecured network locations, exposing the information to unauthorized users. If you are running a Windows Server, there are tools available for conducting audits of file & folder permissions. 3. Have a Defined Data Protection Process for Employee Departures A recent study indicated that 30% of departing employees would take company data with them. It is essential that companies have a well-defined process for dealing with departing employees, and re-securing their data and networks. This process should include documented access rights, and required password changes upon departure to close any potential access points. This isn't groundbreaking advice by any means, but WikiLeaks is as good a reason as any for every company to reevaluate their security practices, and consider simple changes to better secure their corporate data and networks. If you would like some expert advice on implementing security measures in your business, Ask Us - we'd love to help.

Privacy Revisited

Mon, 29 Nov 2010 12:00:00 AM

I recently visited a local business, where I noticed that their handwritten appointment book was full of client Credit Card numbers and Expiry Dates. I immediately pointed this out to management, but it made me wonder - are small businesses taking security & privacy seriously? Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) became law in April, 2000. The act has several implications for any business which collects and retains customer information. Under the law, organizations are required to: Obtain consent when they collect, use or disclose their personal information; Supply an individual with a product or a service even if they refuse consent for the collection, use or disclosure of your personal information unless that information is essential to the transaction; Collect information by fair and lawful means; and Have personal information policies that are clear, understandable and readily available PIPEDA also stipulates security requirements for client data stored in computer systems, including the use of safeguards such as firewalls, passwords, and data encryption. 10 years have passed since the implementation of PIPEDA, but the requirements on businesses remain the same. Perhaps now is an ideal time for businesses to revisit their practices around the collection, storage, and use of customer data. Here's a Privacy Guide for Small Businesses(pdf) to get you started, along with a quick Privacy Policy quiz: What personal information does your organization or branch collect and why do you collect it? How does your organization safeguard customers' personal information? Who is the point of contact in this organization for more information about your privacy policy, to clarify the policy or to register a privacy complaint? Under what circumstances does your organization disclose personal information, such as to credit agencies or collection agencies? If your company could benefit from some expert advice in ensuring that your customer data is secure, and meeting applicable regulations, ask us. We'd be happy to conduct a Network Security Assessment, and identify areas where your current security practices can be improved.

Does IT Matter for Small Business?

Tue, 19 Oct 2010 12:00:00 AM

It's small business week! Did you know that over half the businesses in Winnipeg have LESS than 5 employees? And that 86% have LESS than 20? The message? If you're engaged in business-to-business services in Winnipeg, you're either relevant to small business, or you're simply not relevant. For 365 Technologies, that presents an interesting question - Does IT (Information Technology) Matter for Small Business? In 2003, Nicholas Carr wrote an article in Harvard Business Review titled 'IT Doesn't Matter'. In it, he makes the case that as the availability of IT increases, and the costs of IT decrease, technology becomes ubiquitous, and is no longer a way for companies to gain a competitive advantage over their competitors. As you can guess, the article generated a fair amount of controversy, and yielded a number of critical responses. Today, many Small Businesses ask the same question Carr did – Does IT Matter? Given all the investments needed in staff, and inventory, and marketing and sales, do they really need to worry about IT? Technology might be necessary - but it's not their core business. As long as the computers stay up and running, they're happy. In terms of strategic importance, or a way to improve their company's performance, IT doesn't matter. Are there reasons to take a different approach? We think so. Here are 4 ways that IT can have a direct impact on the success of a small business: 1. Delivering improved functionality New technologies, and in particular, the shift to cloud / hosted delivery models are making enterprise-class technology available to small businesses. In the past, where a small business owner would be faced with a large, upfront capital investment for hardware and software, he/she can now pay a monthly fee. This eliminates the need for hardware maintenance/depreciation, conserves cash, and adds security/redundancy over an 'in-house' solution. 2. Improving performance The largest expense in most small (and large) businesses is payroll. The ability of IT to improve or hinder the efficiency your employees is significant. Properly managed and maintained IT systems, where the risk of service disruptions is mitigated and uptime is maximized are absolutely essential. 3. Controlling risk Recently, we wrote a blog series titled '3 Types of Technology Risk (and what to do about them)'. These risks are just as valid for small companies as they are for larger ones. Small businesses are subjected to the same legislation as it relates to customer record storage and security, and need to be managing their risk exposure in this area. Well-managed, secure access, archiving, and backup can achieve this. 4. Reducing costs Technology represents a significant operating cost for most businesses. Some general benchmarks indicate 14% of operating expenses can be spent on IT. Often, IT does not receive the management that this level of expenditure warrants. The majority of IT costs are hidden - in employee productivity. Small businesses can benefit greatly from identifying these hidden costs, and taking appropriate measures to reduce them. At 365, we believe that IT does matter for small business - as much, if not more than for large ones. The new technologies available to small businesses promise greater functionality at a reduced cost, and have the potential to significantly impact bottom line profitability. Working with an expert technology partner like 365 Technologies is one way that small businesses can maximize the return on their technology investment. If you'd like to keep up-to-date with our posts, you can follow us on Twitter (@365tech), or subscribe to our RSS feed.

Pay-By-The-Hour IT Support? 5 Reasons to Consider an Alternative Approach

Mon, 20 Sep 2010 12:00:00 AM

Many companies without their own IT staff use an outside technology support company, and pay them an hourly rate for service. On the surface, hourly IT support appears to make sense as a 'pay as you go' solution; however, there are good reasons why it may not be in your best interest. Here are 5 to consider: 1. Hourly IT Support is Difficult to Budget Companies who pay for technology support by the hour can see dramatic changes in their support costs from month to month. While support can remain stable for a period of time, any major issue (network outage, hardware failure, data loss) can result in large, unbudgeted support bills. Managing these peaks and valleys can be difficult. 2. Hourly IT Support Rewards Inefficiency If technology support is not your primary business, it can be very difficult to gauge how long a specific support task should take. Combine this with a support model that rewards technicians for taking longer to resolve a problem, and it's easy to see how this can work against the customer. This is not to say that all support vendors are intentionally inefficient – but rather, that a 'pay by the hour' approach generates more revenue for the vendor if: a) the customer has more issues; and b) those issues take longer to resolve. 3. Hourly IT Support Places the Performance Risk on the Customer Your IT support company comes on-site to resolve an issue, only to have it reoccur 3 weeks later, or a new issue appear as a result. When they return for a second visit, it's another bill. Sound familiar? Under an hourly support model, it is most often the customer that bears the performance risk, or faces the prospect of disputing individual invoices. 4. Hourly IT Support is Reactive Because 'pay by the hour' IT support companies don't generate revenues until they're on the clock, their support takes a reactive approach. The onus is on you, the customer to report problems, and there is no incentive for the support company to put preventative maintenance measures in place. New support models include monitoring & maintenance tools to alert your support company to issues before you know about them, and before they impact your business. The focus on billable hours also prevents hourly IT support companies from taking a forward-looking, strategic view of their clients' technology. Having regular discussions about your technology, its business impact, and your future technology plans should be an essential component of the technology support services you receive. 5. Hourly IT Support Introduces Hidden Costs and Delays When businesses pay for IT support by the hour, they wisely put measures in place to control the amount of support being billed. The most common is having all IT issues triaged by a designated employee, prior to being reported to the IT support company. Concerns with this approach are: i. The triage person is actually a hidden IT support cost. In addition to their 'real' job, they are now spending their time (and associated labour expense) responding to IT issues. ii. Employees may neglect to report smaller issues, knowing that they will not be forwarded for support, or hoping to avoid the expense of a support call. As we know, small issues have a tendency to become large ones if left unattended. iii. Even when issues are reported, the need for a triage delays support when compared to the ability to report issues directly. Is there a better way? We think so. By offering comprehensive IT support for a fixed monthly rate, we're able to deliver proactive services, respond quickly to issues, and share your goal of a stable, reliable network. Learn more about how 365Care+ delivers Worry-Free IT to our clients here.

3 Types of Technology Risk (and what to do about them) Post 3 of 3

Fri, 20 Aug 2010 12:00:00 AM

In this series, we're looking at the different types of technology risk. Our last post covered Unauthorized Access to Corporate Information, and the need for well-managed access policies. A recent study indicates that 30% of departing employees would take corporate files with them - protecting your corporate data is absolutely critical. Today's topic... 3. Loss of Use / Downtime I would argue that our third technology risk is both a) the easiest to protect against; and b) the most costly. Downtime can range on a wide spectrum in terms of severity - from temporary loss of use of an application or device to a catastrophic system failure. The reason for the high cost of downtime is that it impacts the highest cost in any business - labour. The internet is full of tools and calculators to help you determine the true cost of downtime in your company. The basic formula is this: Cost of downtime = Outage hours * (Lost productivity + Lost revenue) At 365, we believe companies can protect themselves against the risk of downtime by practicing the 2 Rs: Redundancy and Recovery. Redundancy Companies can greatly reduce their risk of significant downtime by identifying the critical failure points in their network, and building redundancy in these areas. For example, many small businesses have moved to hosted applications to run their operations. These hosted applications offer low up-front costs in exchange for a monthly fee. However, they have an inherent risk being delivered over the Internet - any disruption to the company's internet connection results in immediate loss of use of the application. By installing redundant internet connections on different providers, companies can effectively eliminate this risk for far less than the cost of potential downtime. We recently worked with a new client who did not have redundant power supplies on their Email server. An unexpected failure resulted in corruption of their email database and loss of use of their email application for a day and a half. By installing redundant power supplies, and proper backup power, we have eliminated the risk of a similar outage in the future. Recovery Redundancy can't prevent every outage, and downtime can still happen (albeit rarely). Companies can greatly reduce the cost of any such downtime by reducing the time to system recovery. Some basic practices which can reduce the time to system recovery are: - Have a data backup solution which allows immediate data access and restore (365Backup is an example) - Have cold spares of mission critical hardware on hand (workstations / firewalls / switches) - Have an offsite disaster recovery plan in place As with most risks, an ounce of prevention is worth a pound of cure. Companies who take proactive measures in the areas of redundancy and recovery can significantly reduce the risk of loss of use / downtime, and the corresponding costs of lost productivity and revenues. If you found this post helpful, please use our new 'share' features below, which let you post the article to Twitter, Facebook, and others. Thanks! If you'd like to keep up-to-date with our posts, you can follow us on Twitter (@365tech), or subscribe to our RSS feed.

3 Types of Technology Risk (and what to do about them) Post 2 of 3

Wed, 21 Jul 2010 12:00:00 AM

In this series, we're looking at the different types of technology risk. Our last post covered External Attacks, and the need for a coordinated, multi-front effort to protect your network. Today's topic... 2. Unauthorized Access to Information Information can be a company's most critical asset, and protecting it against unauthorized access needs to be a top priority when addressing IT security. Unauthorized access can originate from outside the firm or inside, and measures are required to prevent both. External Breach Perimeter Security As we discussed in Post 1, ensuring properly configured firewalls and log monitoring are essential to protecting the corporate network from unauthorized external access. Data Encrytion Companies who store sensitive data, including client details and credit card numbers need to take specific steps in both storing and transmitting this information. Companies should familiarize themselves with applicable regulations, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Payment Card Industry (PCI) Data Security Standards. Industry-specific regulations such as the Health Insurance Portability and Accountability Act (HIPAA) may also apply. Internal Breach While external threats are real, the greatest risk to your company data is more than likely your employees. Forrester Research estimates that up to 85 percent of enterprise security breaches involve internal people and resources. And according to Gartner, "organizational costs of a sensitive data breach will increase 20 percent per year over the next two years. Putting the appropriate conrols in place can greatly reduce the likelihood that you will face an internal security breach. Richard Stiennon at IT-Harvest put it best when he said 'Identity and Access Management tools are the single most valuable defense you have against the insider threat'. Some best practices in this area include: - Clear guidelines and processes for requesting file access and establishing group policy - Requirements for strong passwords, forced scheduled password changes, and auto-screen locks - Web security and content filtering - A well-defined employee exit process to ensure ex-employees do not retain access to corporate networks after their departure If you don't have a security plan in place, or need some guidance on where to start, get in touch - we'd be happy to help. In our next post, we'll look at Technology Risk #3 - Loss of use / Downtime. If you'd like to keep up-to-date with our posts, you can follow us on Twitter (@365tech), or subscribe to our RSS feed.

3 Types of Technology Risk (and what to do about them) Post 1 of 3

Fri, 09 Jul 2010 12:00:00 AM

What technology risks does your business face? Have you considered them? Do you have the appropriate processes and technology in place to mitigate these risks? In the next 3 blog posts, we'll be discussing 3 distinct types of technology risk, and how your company can best position itself against them. 1. External Attacks (Viruses / Malware) When most people talk about technology risks or security, the first thing that comes to mind is the risk of external threats – and for good reason. External attacks on company networks continue to increase in both volume and sophistication. Further, the increased presence of social media in the workplace is resulting in more companies seeing spam and malware attacks. A recent Sophos Security Threat Report confirms that 2009 saw a 70% rise in the proportion of firms that report encountering spam and malware attacks via social networks. Mitigating the risk of these external threats requires a co-ordinated, multi-front effort, including: Properly installed & configured firewalls Policy-based & configurable Web content filtering Industry leading Antivirus (365Care+ includes Trend Micro OfficeScan 10 – which just received a 'Recommend' rating from the NSS Malware test) Scheduled preventative maintenance to ensure Security updates and Antivirus updates are being performed consistently (we recommend that Antivirus updates are performed DAILY) A SPAM block & quarantine solution (365MailSafe is an example) With properly configured and managed security solutions in place, your business can significantly reduce the risk of suffering an external attack. If you're not sure where to start,ask us – we'll be happy to help. In our next post, we'll look at Technology Risk type #2 – unauthorized access to information. If you'd like to keep up-to-date with our posts, you can follow us on Twitter (@365tech), or subscribe to our RSS feed.

Your company needs an Internet and Email Acceptable Use Policy – Here's Why:

Wed, 23 Jun 2010 11:13:00 AM

You may think that the last thing your company needs is another policy. That may be true, but there's one policy that every company should have, big or small – an Acceptable Use policy that clearly spells out appropriate use of company technology. A good Acceptable Use policy will: Clarify guidelines around the use and distribution of sensitive data (customer records, company plans and financial information, product designs, etc.) which are accessible through employee computers. Define ownership of information and privacy rights (for example, if the employer reserves the right to access all corporate email) Ensure speed of access and available bandwidth for work-related activities by restricting inappropriate use of computing resources. Set clear expectations around appropriate Internet usage during business hours and on corporate technology assets (can an employee check their Facebook on their lunch break?) Ensure the security and privacy of your company's systems and network Comply with privacy legislation and applicable law Companies should also consider a policy around employee use of social media sites while acting as a company representative. If you don't already have an Acceptable Use policy, we're happy to provide a template to get you started. Send an email to info@365tech.ca, with the subject 'Acceptable Use Policy', and we'll be sure to send it to you. If you have an Acceptable Use Policy, but you're still having trouble getting compliance from your users, you may want to consider solutions for web filtering, including 'white listing' acceptable sites. 365MailSafe offers a full email and web security solution – feel free to ask us about it!

Small Business Technology Reality Check

Tue, 15 Jun 2010 11:09:00 AM

When we ask small business owners how their technology is working for them, the typical response (unless they've experienced a recent failure) is 'fine'. Given the chance to dig a little deeper, we often discover areas where their technology is not working as well as it should, or where the application of best practices could greatly improve the value the business is getting from their technology investments. What about your business? Here are 10 simple True / False questions to give you a quick technology 'reality check': True or False: If our business were to suffer a catastrophe (fire, flood, etc.), I know with a high degree of confidence how long it would take to have our mission-critical systems and data restored. Our company has a 3-year Technology Plan outlining future anticipated costs and corresponding budgets We have a scheduled, established process for keeping desktops optimized (security updates, antivirus updates, etc.) Our network is fully documented (assets, user rights, passwords, policies). Employees who require remote access to our network are able to do so securely and reliably. Remote workers and/or locations are integrated seamlessly within the corporate network for information & resource sharing. SPAM email is being controlled at an acceptable level. We have defined thresholds for system downtime and understand the cost that downtime represents to our company in lost productivity and revenues. An Acceptable Use policy is in place, governing how employees use company computing resources. Desktops and servers are configured using standardized best practices. Any 'False' answers are a great indication of somewhere that your business processes or technical practices could be improved. If you have questions on how to make your technology work for your business, Request a Callback – we'll be more than happy to speak with you!