How CPA Firms Can Benefit from Managed IT Services

Let security and confidentiality be your watchwords!

When it comes to safeguarding your CPA firm’s confidential data, there is zero tolerance for risk. CPAs rely upon various forms of technology to gather data – whether it is a tax return or an independent audit.

CPA firms have made great strides by implementing such technology as electronic data management systems, client portals, and cloud-computing systems. However, records maintained by CPA firms must remain confidential because of professional standards, statutes, and regulations governing record retention. Data breaches can happen in numerous ways, including the following: fraud, hacking, improper disposal of data, or even a lost or stolen device.

A CPA firm will need their IT department (or an outsourced Managed IT Services vendor) to implement and maintain a comprehensive list of data and network security controls. It is helpful to understand the basics:

Perimeter security. This first line of defense includes firewall and intrusion detection systems, in addition to intrusion prevention systems. These should be configured with appropriate restrictions to block and filter both incoming and outgoing Internet traffic.

Endpoint security. Endpoint security requires each computing device on a corporate network to comply with established standards before network access is granted. These measures protect the servers and workstations and include safeguards such as administrative access limitations and anti-virus protection.

Network monitoring. Part of the control environment should include a frequent and ongoing monitoring program for all IT systems.

What We Do

circles

Comprehensive Support Program™ (CSP) — Bryley provides ongoing, proactive maintenance and remediation support to ensure a stable, highly-available computer network. Our most-popular Comprehensive Support Program (CSP) consolidates all end-user devices (mobile and desktop), servers, and computer-network equipment issues into one, Bryley-managed, fixed-fee program. Among the many services delivered under the Managed IT umbrella, Bryley installs and manages all software updates and patches.

Secure Network™ (SN) – An ongoing, managed-IT service that prevents intrusion, malware, and spam from entering the computer network through its Internet gateway and can restrict web-site surfing to inappropriate sites.

Multi-Point Security Hardening Service™ (MPSHS) – A periodic review to harden your computer-network security by reviewing/updating policies and configurations and testing. With this program, Bryley Systems can help your organization comply with the technical aspects of Massachusetts 201 CMR 17.00.

If you are looking for a business partner to help you navigate the ever-changing technology and cybersecurity landscape, we’re here for you. For more information about Bryley’s full array of Managed IT Services, Managed Cloud Services, and Cybersecurity Services please contact us at 978.562.6077 or by email at ITExperts@Bryley.com.

Smartphone Security

We all love receiving new technology during the holiday season, but we must remember to protect it.  Whether we like it or not, cell phones and laptops are no longer simply devices – they are an extension of ourselves.  They house important information and records that we wouldn’t dare give a stranger (social security numbers, passwords, confidential information). In fact, we use them for socializing, shopping, banking, browsing, and much more.  Simply for the ease of use, it becomes a habit to stay logged into your accounts on your devices, but the downside is that if your phone is lost or stolen, it can lead to identify theft.  Someone could also hack your phone and access information via web-pages you have visited.  The importance of smartphone security is something we should all be aware of and implement right away.

Nearly 40% of data breaches are caused by mobile devices.

  1. Employee negligence is typically due to employees who are busy, traveling constantly, or hurrying through a task, and simply not knowing or paying attention to the risks involved.
  2. Theft is a big problem since there are ways to breach a smartphone.
  3. Malicious attacks. Hackers are responsible for the majority of breaches and thrive on those who leave the doors wide open to an attack.  Don’t leave yourself vulnerable.

Here are some tips to enjoy that new device as well as protect your privacy and information:

  • Activate Screen Lock. Perhaps the easiest and first line of defense on any device is the lock screen. After any time of inactivity (usually 30 seconds for cell phones and slightly longer for laptops and desktops), the device should be enabled to auto-lock so no one else can access your information.  On a cell phone, the code is usually four characters, but can be longer.  No matter how protective you may be of your devices, there’s no guarantee that you may not accidentally leave it somewhere.
    • Encryption can do a lot to protect your phone’s data and the good news is that all iPhones and newer Android versions come with their phone automatically encrypt once you set a password.
  • Mind your Apps. We all like the simplicity and efficiency that apps provide, but it’s important to keep an eye on them. There has been an increase in malware attacks, especially on smartphones, since most users gain access to confidential information.  Always read the small print and consider the personal information the app requires. If an app requires significant personal information, reconsider installing it.
    • Always use official app stores. App stores generally approve and vet apps prior to granting them space on the platform. (Always make sure the Web site URL starts with a secure https:// and contains a locked padlock icon.)
    • Check permission for the app. Some apps will ask permission to access certain aspects of the device. While it will make sense for a GPS to ask for your location, the same cannot be said for a flashlight app asking permission to access your text messages.
  • Browse Carefully. When you access a web browser on your smartphone, you should be very careful because it is easy to accept messages that pop up. For instance, you might decide to save your password and other information as it leads to easier access later on.  Unfortunately, that can provide others a way to copy your data. Always use reliable and safe websites and never enter your information on new or unknown websites, especially when they are asking for sensitive information like your credit card or bank details.
  • Remote Wipe. Have security knowing that if your phone is lost or stolen, you can safely wipe the device to protect the data from falling into the wrong hands.  A similar feature can be enabled after a certain number of failed passwords to access the phone (usually it is around 10 attempts before the device is wiped).  This service provided to our clients enrolled under the CSP agreement.
  • Use caution with any links you receive via email or text message. Exercise caution when clicking on links. Phishing scams are not limited to email – a text message can incite you to click on a malicious link or ask for personal information.
  • Do not alter security settings for convenience. Tampering with your phone’s factory settings, jailbreaking, or rooting your phone undermines the built-in security features offered by your wireless service and smartphone, while making it more susceptible to an attack.
  • All Wi-Fi was not created equal. Be mindful when using open Wi-Fi. When you are not using your wireless connection, you should keep it switched off. This can ensure that no one else can connect to your device without your permission or knowledge. You should also check your device’s network settings as they might be configured to connect to a network automatically when in range and may not ask for permission. In addition, your home wireless router should also be protected through a password or security code.
  • Run the Updates. Don’t put off downloading updates. Many updates tweak and fix several flaws on your phone that could open a backdoor for hackers.
  • Wipe data on your old phone before you donate, resell, or recycle it. Your smartphone contains personal data you want to keep private when you dispose your old phone. To protect your privacy, completely erase data off of your phone and reset the phone to its initial factory settings.

 

https://heimdalsecurity.com/blog/smartphone-security-guide-keep-your-phone-data-safe/#
http://www.nsiserv.com/blog/mobile-security-threats
http://www.smallbiztechnology.com/
https://www.networkworld.com/category/malware-cybercrime/
https://www.fcc.gov/smartphone-security
http://pcworld.com

 

2018 Tech Trends

Technology is drastically changing the way we live and work and more adjustments will be apparent in the years ahead.  Instead of thinking “bottom-up” or “top-down,” business and technology needs to be thought of in a hybrid solution.  “From the bottom up, they are modernizing infrastructure and the architecture stack.  From the top down, they are organizing, operating, and delivering technology capabilities in new ways.  In tandem, these approaches can deliver more than efficiency – they offer the tools, velocity, and empowerment that will define the technology organization of the future.”1

IoT is one such tool that continues to gain traction and will have an even larger impact in 2018.  It is estimated that there are currently between 8-15 billion IoT devices.  That’s more than there are humans on Earth!  These devices include everything from home security systems, pacemakers, voting machines, voice-activated cars, personal assistants (i.e. Alexa) and personal health trackers (i.e. FitBit), as well as toys, toothbrushes, and even pillows.2  Having these devices makes life simpler, but will truly help when the devices can “talk” to each other.  Josh Siegal, a research scientist at MIT highlights the importance of interconnected devices and their usefulness: “It’s not about the car or the home, it’s about how your car can talk to your home to tell it that you’ll be arriving home early because your car talked to the roadway to avoid traffic, and now you need to put the heat on a little bit sooner than you would – while still saving energy due to having a smart thermostat. People aren’t used to thinking in such terms today.”2

These new IoT devices must also be able to function with the older technology.  “Having the intelligence in the lightbulb makes it pretty easy to adopt. It’s as easy as screwing in a lightbulb. But the usefulness is diminished when my 8-year-old daughter turns off the light switch – and now my fancy internet-enabled lightbulb is offline.”2

Security is Paramount

Now, more than ever, security is a top concern for organizations.  Individuals were rightfully upset about the Equifax breach, but IoT devices have the potential to leak information that’s just as valuable and sensitive.  It doesn’t help matters that security of these devices seems more like an afterthought.  The most vital, and yet underrated IoT applications are those that “allow administrators to automatically update them when issues are found and enforce strong defaults for things like passwords and encryption.”2 This highlights the importance of conducting due diligence and not rushing the vetting process for a shiny, new technology.  Ultimately, organizations must balance the need for better production and employee satisfaction with protecting company data.  They must know what and where the devices are attaching to the networks and manage accordingly.

IoT Data Analytics

As IoT expands, so too does the amount of information available to organizations.  This information can and will drive business decisions.  A prime example of IoT data analytics helping an organization work more efficiently and profitably is Navistar, who reduced the cost of managing its fleet of 180,000 trucks from 15 cents per mile to just 3 cents.3 Opportunities for cost savings exist in nearly every business, but it must be done judiciously; cost savings needs to be weighed against the cost of storing and sifting through the data.

2018 is poised to see technology have an even greater impact upon organizations.  It helps to have a Managed Services Provider (MSP), such as Bryley Systems to help navigate the ever-changing landscape.  Contact us at 844.449.8770 or by email at ITExperts@Bryley.com to learn more. We’re here for you.

 

1 https://www2.deloitte.com/content/dam/insights/us/articles/Tech-Trends-2018/4109_TechTrends-2018_FINAL.pdf
2 Schuchart, Wendy. IoT for Business: Five Key Trends for 2018. Channel Partners
3 https://www.forbes.com/sites/danielnewman/2017/09/26/top-10-trends-for-digital-transformation-in-2018/#734e6621293a

Is Your Technology Ready for Winter?

Whether or not you love or detest winter, the fact of the matter is that it’s quickly advancing.  Around this time those of us in New England put snow tires on our vehicles, stake our driveways, and put sand or kitty litter in our trunks.  But what about our technology?  How can you protect it from the harsh New England weather?

 

  • Check your surroundings. Prior to turning on any heating device, make sure it is a safe distance from your technology – you do not want to risk melting portions of your device.
  • Keep your technology out of your trunk! Although keeping your laptop in the trunk is a far better option than leaving it in the back seat of the car, it’s still not optimal. If left in a trunk for an extended period of time, severe temperatures can cause computer equipment to fail.
  • Let your devices warm up. How many times have you come in from the cold and had your glasses fog?  It only last a few moments until your glasses acclimate to the new temperature.  The same phenomena occurs inside your computer, but can have more severe consequences including short circuiting the device.  Drastic temperature shifts can also cause the metal components in the devices to expand and contract, potentially causing damage.  The best way to avoid this is to allow your computer to acclimate to the new temperature prior to powering the device.
  • Do not place any heating elements (heating pad, hair dryer, etc.) on or near the device in an effort to speed up the warming process. This can cause more harm than good.
  • Protect your screens. Most screens have an LCD, or liquid crystal display, and run the risk of freezing, making them more susceptible to cracking or shattering.  To reduce the risk of this occurring, reduce exposure to extreme temperatures.
  • Have your charger ready. Cold temperatures cause batteries to drain, so it’s important to keep a charger handy to ensure maximum uptime.
  • Change the Power Settings. “You can keep your laptop warm by changing the power settings to power save mode. This keeps the laptop warm as it continues to run, and instead of shutting down the hard drive, it keeps it spinning. The longer the laptop can be kept running, the warmer it will stay as it generates its own heat.”1
  • Be wary when online shopping. Online shopping is a great way to avoid the crows and get items you desire, but be wary of cyber criminals. We recently wrote an article to provide insight to protect yourself from hackers.

Keeping these tips in mind will enable you to enjoy the winter months and protect your valuable devices.

 

1 https://www.pcrichard.com/library/blogArticle/keeping-your-devices-safe-in-the-cold/800264.pcra

http://abc13.com/weather/winter-ize-your-technology-/467519/

http://tahoetopia.com/news/winterizing-your-computer

https://www.lifewire.com/top-cold-weather-tips-for-laptops-2377656

Shopping Online — Safely

Shopping online is very convenient.  You can click here and there and order whatever product you desire and have it delivered to your front door.  You can compare pricing, look for deals, compare products, and it all can be done quickly and in the convenience of your own home, any time, night or day.  The downfall?  Wherever there is money and users to be found, there are malicious hackers roaming around.

Use familiar web sites.  You need to be aware of the safer online shops, like Amazon.  One tactic favored by malicious hackers is to set up their own fake shopping websites. Fake websites can either infect you the moment you arrive on them by way of malicious links. However, the most dangerous aspect you should be concerned about is the checkout process. Completing a checkout process will give cybercriminals your most important information: credit card data (including security number), name, and address. This opens you up to credit card fraud or social engineering attacks.

What are some key things to be aware of as you’re shopping?  Sticking with popular brands is as good as any advice when shopping online. Not only do you know what you’re getting by way of quality and price, but you also feel more confident that these well-established names have in place robust security measures. Their efforts can be quite remarkable, as researchers at Google and the University of San Diego found last year.1

 A few things to be aware of: 

  • Leery URL’s such as “coach-at-awesome-price.com” or “the-bestonlineshoppingintheworld.com”
  • A strange selection of brands – as an example, the website claims to be specialized in clothes but also sells car parts or construction materials
  • Strange contact information. If the email for customer service is “amazonsupport@gmail.com” instead of “support@amazon.com” then you should be suspicious that online shop is fake
  • Are prices ridiculously low?  An online shop that has an iPhone 7 at $75 is most likely trying to scam you

The old adage “if it seems too good to be true, it probably is,” rings true in this case, and it’s best to steer clear of these sites.

Use Secure Connections.  Wi-Fi has some serious limitations in terms of security. Unsecured connections allow hackers to intercept your traffic and see everything you are doing on an online shop.  This includes checkout information, passwords, emails, addresses, etc.

Before You Buy Online…

  • If the connection is open and doesn’t have a password, don’t use it.
  • If the router is in an exposed location, allowing people to tamper with it, it can be hacked by a cybercriminal. Stay away.
  • If you are in a densely-crowded bar with dozens of devices connected to the same Wi-Fi hotspot, this can be a prime target for an enterprising cybercriminal who wants to blend in and go unnoticed. Continue to socialize, don’t shop.

Access secure shopping sites that protect your information. If you want to purchase from a website, make sure it has SSL (secure sockets layer) encryption installed. The site should start with https:// and you should notice the lock symbol is in the address bar at the top.

Update your browser, antivirus and operating system.  One of the more frequent causes of malware is unpatched software.  Online shoppers are most at risk due to the sensitive information involved. At a minimum, make sure you have an updated browser when you are purchasing online. This will help secure your cookies and cache, while preventing a data leakage.  You’ll probably fuss over having to constantly update your software because it can be a time consuming operation, but remember the benefits.

Always be aware of your bank statement.  Malicious hackers are typically looking for credit card data, and online shops are the best place for them to get their hands on such information.  Often times, companies get hacked and their information falls into the hands of cybercriminals.

For this reason, it’s a good habit to review your bank account and check up on any suspicious activity.

“Don’t wait for your bill to come at the end of the month. Go online regularly and look at electronic statements for your credit card, debit card, and checking accounts. Make sure you don’t see any fraudulent charges, even originating from sites like PayPal. If you do see something wrong, pick up the phone to address the matter quickly. In the case of credit cards, pay the bill only once you know all your charges are accurate. You have 30 days to notify the bank or card issuer of problems.”2

Using a credit card vs. a debit card is safer.  Credit cards have additional legal defenses built in that make them safer to purchase online compared to debit cards.  With credit cards, you aren’t liable if you are a victim of a fraudulent transaction, so long as you report the fraud in a timely manner. Secondly, credit cards give you leverage when it comes to disputing transactions with a seller. If you pay with a debit card, you can’t get your money back unless the seller agrees to it. With credit cards, the money you paid for a product isn’t counted against you until due process is complete, debit card holders however can only get their money back after this step.  Ultimately, banks are much more protective of credit cards since it’s their money on the line, not yours.

Additional tips for safety:

  • Never let someone see your credit card number – it may seem obvious, but never keep your PIN number in the same spot as your credit card
  • Destroy and delete any statements you have read
  • Notify your credit card issuer of any address change. Doing so will prevent them from sending sensitive files to the previous address
  • Keep confirmation numbers and emails for any online purchases you may have done
  • Immediately call your credit card company and close your account if you have lost or misplaced a credit card

Use antivirus protection.  The most frequent tip on how to be safe online is to use a good antivirus tool. It will keep you safe against known malware.  ”Before you begin shopping, outfit your phone or tablet with mobile security software. Look for a product that scans apps for viruses and spyware, blocks shady websites, provides lost-device protection and offers automatic updates.”3

Do not purchase from spam or phishing emails.  A phishing email with a fake offer for a desirable product is a hard thing to resist for many shoppers, so they make an impulsive decision and click on the “Order Product” or “Buy Now”, and that’s when the malware attack starts.  A phishing email is not like a standard email. The cybercriminal simply wants your click, and nothing else. The Unsubscribe button won’t stop the email spam.  The best solution in these cases is for you to simply mark the email as spam, this will remove the mail from your inbox and block the sender from sending more spam.

Keep a record of your transactions.  If you are a frequent online shopper, it may be difficult to remember from which site you bought a certain product.  So, write it down: what you bought, when and from what website.  Compare your spending details with the banking records from your online banking account, keep track of which websites you use for shopping and buying stuff online.

Hold on to your receipts and destroy them when you no longer need them.  Keep the receipt for your purchase, just in case you need to confirm it again, as well as for warranty and return issues.  If you want to get rid of receipt, make sure to destroy it completely, so that any possible identity thief won’t be able to find any information about you.

Don’t give out more private information than you need to.  ”In order to shop online you need to provide two types of information: payment information, such as credit card data, and shipping location, which is usually your home or work address. Be suspicious of online shops that ask for information such as: date of birth, social security number or any other similar information. They don’t need it in order to sell you things.”4

Don’t keep too much information on your smartphone.  These days, everybody stores a lot of important personal information on their phone, and most of us rarely take the time to secure them.  These devices are now much less about calling people, and more about photos, social media, etc.  Increasingly, people shop online using their smartphone, but this carries its own risks. Fake online shops can infect your smartphone with malware, and then have access to information such as phone numbers, notes, photos, and even app contents.  Be careful what information you store on your smartphone.

If you take a few safety precautions, you can enjoy the convenience of technology with peace of mind while you shop online.

1 https://www.welivesecurity.com – ESET Security Forum
2 https://www.pcmag.com
3 http://www.trendmicro.co.uk/home/internet-safety-for-kids/smart-mobile-tips-for-online-shopping/ – TrendMicro
4 https://bettermoneyhabits.bankofamerica.com/
https://staysafeonline.org – Powered by National Cyber Security Alliance
https://www.americanbar.org – American Bar Association
https://www.foxnews.com
https://www.usatoday.com

 

Worms belong in your Garden, not your PC!

When we think of worms, most of us think of the creature that helps our gardens thrive, however, in the technology field the word “worm” strikes fear into many a technology user.  This particular form of malware has caused billions of dollars in damages in the last decade alone!1 Using Symantec’s definition, worms are “programs that replicate themselves from system to system without the use of a host file. This is in contrast to viruses, which requires the spreading of an infected host file.”1 Some liken it to a chain letter that no one wants, but is far more insidious and damaging.

“They make your computer more vulnerable to future attack, because every machine with a worm infection is broadcasting to the entire Internet that it can be taken over by anyone who cares to copy the method the worm used. Also some viruses and worms disable standard security measures, or install their own back-door services that allow other people to use your computer over the Net.”2

Well-known Worms

The first known worm was the Morris worm in 1988, named after Robert Morris, a student at M.I.T. While the worm was initially harmless, it “quickly began replicating copies of itself onto Internet servers of the day (predating the World Wide Web), eventually causing them to stop working due to exhaustion of resources.”3

In 2001 a worm by the name “Nimda” (admin spelled backwards), infected nearly 2.2 million servers and PCs within a 24-hour period through a multi-pronged approach including searching for unpatched applications, sending an infected mass email to a victim’s contact list, and downloading from a compromised website.4 This worm caused over $635 million in damages and dramatically decreased internet speeds and wreaked havoc on a user’s email account.

One of the more powerful attributes of a worm is its ability to propagate seemingly by itself, with little to no human interaction.  This makes it ideal for cyber warfare.  A prime example of this is the 2010 attack on Iran; the United States and Israel created what is now known as the Stuxnet worm to attack Iran’s nuclear enrichment program.  By the time the worm was discovered and expelled from their infrastructure, 984 uranium enriching centrifuges were destroyed, setting Iran’s nuclear weapons program back by approximately 2 years!5

How does it spread?

What makes worms so dangerous and insidious is that once it is on your machine, it can wreak havoc without the user’s knowledge.  Once the initial sequence is started (opening an attachment, clicking on a link, etc.), the worm will move on its own through the system, impeding the user’s activity.  Worms also infect other machines by self-replicating and sending mass emails through the infected users’ email contacts.1 Oftentimes, victims think they are simply opening an attachment from a friend or acquaintance so their guard is down.

Symptoms

How do you know when you have a worm?  There are several key symptoms that may indicate you have been infected:

  • Emails sent without consent. If you are contacted by an individual in your contact list about a strange email you sent, but have no recollection of, you may be a victim of a worm.
  • Software suddenly appearing on your desktop. If you notice that applications are suddenly appearing on your desktop, or have been removed, that’s a red flag that your machine may be compromised.
  • Slow computer performance. If infected, your machine may run slower as the worm needs memory to effectively run and propagate.
  • Pop-ups galore. If you are seeing numerous pop-ups and messages, it’s a surefire sign that you have a worm or virus on your machine.
  • New windows open when connecting to the internet. A common symptom of an attack or worm is when you connect to the internet and it opens a new window that you did not request.

How to protect against worms

So, what can you do to prevent such an attack from occurring?

  • Be cautious around attachments. Even if you recognize the sender, be cautious if they send you an unexpected email with an attachment and a vague subject line (“You have to see this!”). Be extremely cautious if you don’t recognize the sender.
  • Perform regular updates. Their intended purpose is to quickly push out fixes to bugs that may be occurring and create a safe computer environment. When you browse the internet, your computer is at the mercy of its current protective measures. Viruses, malware and rootkits are always on the search for security holes to exploit and gain entry to your personal data. While the best antivirus software would prevent this from ever happening, in order to accomplish such a goal, you need to perform recommended updates.

Working with a managed IT service provider (MSP) can remove a lot of the burden and take away the mystery of proactive measures to protect your business.

Protecting your company’s data and infrastructure should be a top priority, but you do not need to do it alone.  Let the Bryley experts help protect your company’s data and infrastructure. Please contact us at 844.449.8770 or by email at ITExperts@Bryley.com.

 

1 https://www.veracode.com/security/computer-worm

2 http://www.bbk.ac.uk/its/services/security/secper/hints

3 https://www.lifewire.com/how-computer-worms-work-816582

4 https://www.symantec.com/avcenter/reference/nimda.final.pdf

5 https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/

https://support.microsoft.com/en-us/help/129972/how-to-prevent-and-remove-viruses-and-other-malware

https://www.caida.org/publications/papers/2002/codered/codered.pdf

IT Budgeting Made Easy

We know that budgeting can be a daunting task. That is why the Bryley Systems’ motto is “Dependable IT at a Predictable Cost”. Our fixed-price IT support programs make IT budgeting a breeze.

We understand that in order to have an accurate, working budget, the finance and IT teams need to come together to get an idea of the full picture.

Why does IT budgeting matter?

Without a budget, IT leaders will have to justify every IT expenditure as it arises, creating unnecessary bottlenecks.  Furthermore, “you may be forced to request and justify every IT expenditure as it arises, which makes for significant unnecessary overhead. Smaller organizations may find themselves willingly migrating into a periodic budgeting process, as IT expenditures that were once simply spent as incurred, or justified with a 30-second hallway conversation, blossom into significant IT spending that can be consolidated and made more transparent through a budgeting process.”1

IT budgeting affects more than just your department

When creating an IT budget, it’s important to think of how it will tie into other departments.  The budget will directly impact employees and initiatives that your organization has.  It’s easy to see the budget as a mere spreadsheet. But remember, there are real consequences for every number that is either increased or decreased.

Think of IT budgeting as financial planning

Consider IT spending as an investment for your organization’s future, much in the same way as you would with your personal financial planning. “Only after gaining an understanding of the organization’s short- and long-term goals can [business leaders] help ensure that the organization is aligning its IT strategy with its business strategy, resulting in the right IT investment decisions.”2 Consider, “What is the organization’s cash flow? How will IT spending impact the organization’s overall capital and operating budgets? Are any major projects on the horizon that might impact the IT infrastructure? Remember to consider both the financial and non-financial implications of IT-related initiatives.”2 Another aspect that should not be overlooked is the human component.  Does the organization plan on making any changes that could impact an employee’s ability to fully utilize new software? And, how will new initiatives impact employees’ work lives?

Creating budgets also helps to establish and understand priorities. “Instead of looking at the budget solely as an administrative process, regard it as a validation and support tool for your IT strategy. If you don’t have a formal or informal IT strategy in place, the budgeting process is as good a place as any to start investigating areas for improvement that will be cornerstones of your first attempts at more strategic IT management.”1

Align IT with organizational strategy

IT budgeting should not be performed in a bubble; but rather performed with the entire organization in mind.  Once the IT budget is prepared, compare it to the overall budget to ensure the goals are aligned.  Key questions to ask are “Do the selected IT initiatives align with and support the organization’s strategic objectives? Should any initiatives that weren’t selected for the budget be reconsidered? Would any of the organization’s strategic initiatives make one of the selected IT initiatives obsolete?”2 It is best to think of your IT budget in three sections:

  • Run – What it takes to keep the organization running. This should be the last place to trim as doing so could create unnecessary operational risk.  Items included in this group are considered mission-critical: server replacements, key software upgrades, personnel costs.
  • Grow – introduce new capabilities and improve existing ones. These are often more flexible and are easily added or trimmed depending on cash flow.  Items in this section include implementing new software for optimization, purchasing a firewall for additional protection, and upgrading the website to attract more customers.
  • Transform – This is more of a long-term project for research and development endeavors. Unless associated with key organizational initiatives, these are the first to be cut when budgets are trimmed.  These initiatives are ones in which the organization believes it will benefit from in the future.  Examples include new product offerings, , redundancy, , and the like.

Tips and best practices

When considering the impact the budget will have on the organization as a whole, it is imperative to put forth significant time and due diligence into its creation.  It’s too simple to see the budgeting exercise as just another painful administrative duty that one must accomplish. But it is really much more than that.  A budget “is the financial manifestation of the strategy and direction your department or organization will take over the coming year.”1

  • Use last year’s budget. This will give you a rough idea of what you want the upcoming budget to look like. It will also provident insight into areas to pad as well as those that can be reduced.
  • Spreadsheets are your friends. Excel spreadsheets will prove invaluable when it comes to updating and creating a budget. It is beneficial to have previous years’ budgets listed as it will indicate long-term trends and the ability to predict future expenses.
  • Factor in slack. Once a budget is set, it is generally difficult to go back for more funds.  Consider, carefully, the amounts requested to ensure they are sufficient to accomplish the objectives.
  • Seek expert advice. You can’t be expected to know everything about the realm of IT and budgeting, so don’t be afraid to seek out the advice of experts.  They will offer guidance and work with you to identify key initiatives and allocations for your future success.

Creating an IT budget can be a daunting task, but you are not alone.  Bryley Systems’ experts will work with you to determine your priorities and build a budget accordingly.  It’s easy with our fixed-price IT support programs.

We are your technology partner. Please contact us at 844.449.8770 or by email at ITExperts@Bryley.com.

We’re here for you with “Dependable IT at a Predictable Cost.”

 

1 https://www.techrepublic.com/article/it-budgeting-the-smart-persons-guide/

2 https://www.journalofaccountancy.com/issues/2012/mar/20114439.html

http://searchcio.techtarget.com/IT-budgeting-and-spending-strategies-guide-for-CIOs

http://www.investopedia.com/articles/pf/08/small-business-budget.asp

Bryley’s Prestigious Channel Partners 360° Award Celebrates Fall

After being honored as one of 25 recipients worldwide, our prestigious award is traveling the U.S. in celebration – being one of the most sought-after in the industry of technology solutions.  This month it stayed local to celebrate Fall in New England

HAPPY HALLOWEEN!

Bryley is getting into the Fall spirit.  Stop by on Halloween
as we join several other businesses in Hudson to hand out
treats to the youth in our community.

 

Cathy Livingstone hands out candy to local residents.

All Aboard!

The cutest mouse trap we’ve ever seen!

 

 

“Bryley Systems works toward continuous improvement; we strive to manage, optimize, and secure our client’s information technology, which brings substantial business benefit and value to their organizations. Our team-focused, best-practices-oriented approach, coupled with high-value/low-risk service options, enables us to provide our clients with Dependable IT at a Predictable Cost™.  We thank Channel Partners for this prestigious Channel Partners 360° award!”                      

      – Gavin and Cathy Livingstone, Co-Owners, Bryley Systems, Hudson, MA

Bryley Basics: What happens when a home is smarter than its owner?

Today, if we forget to turn off the coffee pot, or shut the garage door, we can simply hit a button on our phones, or other devices. According to a study by Intel Corporation, 71% of the population is expected to have at least one smart-home device in every home by 2025.1

This is great news for those of us that are forgetful, but one has to be wary of how much access is granted through these devices. Just like you wouldn’t leave your house keys out for anyone to take, you must also be cognizant of the security of your smart devices.   Last year, hackers were able to bring down several sites by using home devices connected to the internet such as baby monitors, cameras, and home routers without the user’s knowledge.1

There are several steps users can put in place in order to take advantage of these smart devices while remaining protected:

Do your research. Not all smart devices were made equal. It is best to do some research prior to purchasing a device to see what security measures the manufacturers have implemented. Will the device automatically perform patch updates? Does it require a passcode? Will it prompt you to change your password? Knowing this ahead of time, will give added peace of mind.

Secure your devices. By default, many of these devices have a simple security plan in place, since historically they haven’t needed to worry about cyber threats. Prior to a few years ago, no one would have thought you could have your refrigerator tell you what items you would need to purchase on your next grocery trip! Make sure your device requires a passcode that you can regularly update.

Regularly update your Passwords. Make sure to change your password every 60-90 days with a complex password using a mixture of capital and lowercase letters, numbers, and symbols. A password does nothing if it remains at the default factory password.

Separate your Network. As an added layer of protection, put some separation between your devices and the rest of your data. Most of the time, these devices only need an internet connection, so putting them on a different network from the rest of your data protects both of them. “Newer WiFi routers have built-in guest network capabilities that can isolate untrusted devices from each other and from the rest of your network – a useful feature for most devices that only need internet access and don’t need to talk to other devices. Extra configuration may be required to properly secure devices that need to talk to each other (like automation controllers and security cameras), but it’s possible to limit that communication without laying bare the rest of your home’s network.”2

Perform Regular Updates. Some devices will automatically update while others you will have to check. Regardless, it is best to check every so often to ensure the updates are performed and you are protected.

Security of these smart devices is such a concern, Senators Mark Warner, Cory Gardner, Ron Wyden and Steve Daines introduced the “Internet of Things Cybersecurity Act” aimed at forcing tech companies “to ramp up security if they want to sell connected devices to the federal government.”3 This bill is the bare minimum and will block any “IoT devices with known security issues from government use and require device makers to patch any new flaws. Security researchers who hack IoT devices used by the federal government in order to find new flaws would be exempt from the Computer Fraud and Abuse Act, which has been used to charge hackers.”3 It is the hope that this bill will encourage companies to adopt these regulations as standard for commercial sectors as well.

At the end of the day, these devices will become more and more commonplace. As this occurs, security will also improve. There are sure to be growing pains, but like most evolutions, it will improve our lives.

 

  1. 1 Best Smart Home Devices and Hot IoT Is Changing The Way We Live. Forbes Technology Council. 6 Jun 2017
  2. How To Protect your Fancy New ‘Connected Home’ from Savvy Hackers. Best Buy
  3. 3 Congress to smart device makers: Your security sucks. Ng, Alfred. CNet. 2 August 2017.