Discover the Top 5 Barriers to Business Growth with mPower Advisors

Are you worried about missing critical milestones or goals?  Do you want to avoid the next unknown pitfall?  Or, do you want to transition out of your business smoothly?

Join Dave Clough of mPower Advisors for a one-hour webinar: Top 5 Barriers to Business Growth (and How to Break Through Them) on Wednesday, October 14, from 2pm to 3pm.

Learn to predict how growth will impact your company, identify growth issues before they appear, and get a Road Map to help guide your way.  Get an overview of a system that provides predictable growth for your company.

Dave Clough has been a Business Advisor for over 11 years, helping over 70 companies grow.  He is certified from TTI Success Insights: DISC, Motivators, TriMetrix HD, Emotional Intelligence, Stress, and Stages of Growth.

The value of outsourcing IT

Many organizations invest in Information Technology (IT) as a strategic advantage; others see it as an expensive necessity.  We tend to favor the former perspective, but empathize with the latter; although IT can consume significant financial resources, it is a cornerstone of most modern organizations.

Either way, a key decision is whether to keep IT internally within the organization or outsource it to a Managed IT Services Provider (MSP) like Bryley Systems.  With an MSP, the basic tenet is a long-term relationship between the client and the MSP with an agreement that details types and levels of service at a fixed amount.

We reviewed some considerations of outsourcing in Outsourcing IT in the May 2014 issue of Bryley Information and Tips, but what of its value?

Let’s start with the players, their interests, and their capabilities.

The primary player:  The Client

The client has technology needs and issues, from end-user oriented (“Please show me how to rename a file.”) to network-level critical (“The Internet is unavailable.”) to business based (“How do I plan and budget our technology requirements in a world that is constantly changing?”).

The client has a limited technology budget spread across at least these areas:

  • End-user equipment and applications – Potentially an area of frequent change; typically a three to six-year lifespan with ongoing maintenance
  • Network equipment and software – Relatively stable, but some replacement required on a four to eight-year basis with ongoing maintenance
  • Cloud resources – Fairly stable; requires periodic payments, typically on a per-user basis
  • Security – Often under-invested, especially in the need for multi-layered defenses and ongoing security training
  • Support – Fairly stable in an MSP-supported environment
  • Training – Often neglected, but useful to boost productivity

The client seeks a stable, reliable, optimized IT environment; one that is patched appropriately and is secured against external and internal threats.

The second player:  The MSP

The MSP has a competent, stable, well-trained, and certified technical team with different levels of capability:

  • Technicians supporting end-user environments (PCs, MACs, mobile devices)
  • Engineers servicing back-office/Cloud networks (servers, firewalls, routers)
  • Consultants providing high-level planning, design, and troubleshooting

The technical team works closely with an account-management team, which owns the client relationship and maintains communications while advocating on behalf of the client.  The account-management team discloses the client’s interests and requirements within the MSP; they also set client expectations based on close alignment with the technical team’s schedule and availability.

The MSP spreads its resources across a manageable number of clients, typically assigning an account and technical person to each client.  Exceptions within the client’s environment are noted and shared, allowing others to assist when the assigned personnel are unavailable.

The billing is periodic, usually monthly, providing predictable, recurring revenue to the MSP to support its operations and finance its constant improvement.

The MSP is led by capable, experienced management utilizing a holistic service-management system for ticketing, account-management, reporting, etc.

Next:  What did the survey reveal?

CompTIA, a respected, IT-industry trade association, surveyed 350 companies in June 2015 to compile its Fourth Annual Trends in Managed Services Study.  Their results include:

  • 68% had used an outside IT firm in the last 12 months
  • 64% believe they use an MSP for at least one operational function
  • Six in 10 said it was a collaborative effort with the internal IT staff
  • Many seek efficiencies and competitive advantage in addition to cost savings

Most use their MSP in these areas*:

  • Repairing/troubleshooting IT systems
  • Deploying/installing/integrating
  • General IT consulting
  • Cybersecurity

*Please see “CIOs give Managed IT Service High Marks” by Dennis McCafferty ofCIO|Insight.

Finally:  Where’s the value?

Value is not hard to define, but sometimes difficult to quantify.  Value can often be in the eyes of the beholder, having greater weight with one and less with another.

The easily discerned areas of value include*:

  • Highly competent resource to efficiently resolve difficult issues
  • Service Level Agreement (SLA) with detailed response times
  • Predictable support budget
  • Proactive, 24×7 coverage
  • Team approach
  • Reporting

*Please see 7 Advantages of Managed IT Services by Chase Moritz of Heartland Technology Solutions.

Some of the other, less-quantifiable considerations that come with outsourcing:

  • Secure, stable environment from well-honed best practices of the MSP
  • Strategic, flexible partnership with ongoing counsel
  • Supplement to existing IT team (if any)

For the client, our recommendation is to establish and maintain a strategic relationship with an MSP of similar perspectives and sufficient resources, one that can respond when needed, but acts proactively to manage, optimize, and secure your IT environment.  In a mid-sized IT environment, say 25 to 85 technology users, the typical IT challenges can be met by the MSP at a fraction of the cost of having a comparable team on your payroll.

Technology roundtable at the Central Mass. Business Expo

Please join our panel of local IT experts for Central Mass Business Expo’s Examining the Cloud, Mobility, and Data Security, an information-technology roundtable at the Central Mass. Business EXPO (CMBE) on November 5th from 2pm to 3pm at the DCU Center.

Information technology is a strategic concern of business owners and managers.  Our panel will address timely issues, such as the future of cloud computing, how to empower a mobile workforce, and how to protect your data.

The panel includes:

  • Mark Ayotte; CEO, Ayacht Technologies
  • Allen Falcon; CEO, Cumulus Global
  • Gavin Livingstone; President, Bryley Systems
  • Helder Machado; CEO, Machado Consulting

A (mostly) true tale: The Company We Keep (or From Buses to Beer)

Cathy and Gavin Livingstone, owners of Bryley Systems, a Managed IT Services Provider (MSP) ranked in the top 500 MSPs worldwide, went to dinner with friends.  While entering the restaurant, a WRTA (Worcester Regional Transit Authority) bus drove by; Gavin said to the couple: “Hey, that’s our client!”

The couple was impressed.

During the meal, the couple mentioned that they were planning a retirement party at a golf club. Again, Gavin said: “Hey, that’s our client!”

The couple was extremely impressed.

When the drinks were served, Gavin held up his glass of Spencer Trappist Ale and said: “Hey, that’s our client!”

The couple was speechless.  Finally, the husband lifted his glass and replied: “Bless the Trappists for this great beer and kudos to Bryley for keeping the abbey online!”

Another possible interpretation: After a drink at the club, better take the bus home.

Introducing Microsoft Office 2016

Microsoft Office 2016 for Windows should launch on September 22nd; the Macintosh version released in July.  After this upcoming release, perpetual licenses of Office 2013 and earlier versions will be difficult to acquire legally.

Significant changes include:

  • Create, open, edit, and save Cloud-based documents
  • Real-time co-authoring
  • New Tell Me search tool

Not so significant features include:

  • Contextual-information via Insights
  • Data-loss prevention
  • Colorful themes

Requirements:

  • Microsoft Windows 7 or later
  • Exchange Server 2010, 2013, or the upcoming 2016

The last requirement, updating Exchange Server to support Microsoft Office 2016, will take some planning and effort and should be completed before deploying Microsoft Office 2016.  Note:  The Autodiscover service within Exchange Server 2010 and 2013, which has a default configuration suitable only for simple networks, may also need to be reconfigured and republished.  (For example:  An organization with VPN users will likely need to adjust the Autodiscover service on their Exchange Server.).

Migrating to Windows 10 – Now, later, or never?

Migrations bring about change in the lives of technology end-users, whether desired or not.  Often, the IT-support team receives undeserved blame for issues with a new operating system; although, they can help smooth the way by testing core software applications and devices for compatibility before upgrading.

So, here you are with new computers that ship with multiple versions of Windows; which to deploy?  You know there are going to be compatibility issues; there always are.  (Our current VPN client does not yet work with Windows 10 and I have heard of issues with Google’s Chrome on Windows 10.)  Also, there are individuals within your organization who will have trouble adapting to a new user environment.

These are the issues you will need to address when migrating to Windows 10:

  • Equipment compatibility
  • Application compatibility
  • User acceptance

Equipment compatibility

Equipment-compatibility issues exist because Windows has always been everything to everyone:  Windows supports most any printer, scanner, fax, camera, or device as long as the manufacturer conforms to Microsoft specifications, which might include creating a Windows device driver (a small application designed to translate instructions between the device and the operating system) to enable all features.

Likewise, your desktop or notebook computer might not be compatible with Windows 10; you will need (at a minimum):

  • 1GHz processor
  • 1Gb of RAM for 32-bit deployment or 2Gb for 64-bit deployment
  • 20Gb of disk space
  • DirectX9 display with 800×600 display

Please see the Windows 10 specifications for details.

Applications compatibility

Software applications must also conform to Microsoft specifications; however, updating applications to work with a new operating system takes time and effort.  So, older, legacy applications not built to current-day Windows standards can be slow to comply, particularly those from smaller developers, who might not have the resources necessary to make them compatible.  These developers might suggest: “Don’t upgrade now” or “Use XP Compatibility mode”, but usually offer no specific timetable or long-term work-around.

Cloud-based applications have an advantage over most legacy applications; they are likely browser-dependent (and operating-system independent) and are updated continually.  However, you can run into compatibility issues with different browser versions and even different browsers.

User acceptance

An often under-appreciated issue is the changes to the user interface, particularly its look-and-feel; Microsoft received significant criticism with Windows 8.x and the fundamental changes in how it interacts with the end-users.

 

Migration techniques

The safe method, one that many organizations adopt, is to delay migration until:

  • All computers are known to have sufficient resources to run Windows 10.
  • Hardware compatibility issues are identified and resolved, either through updates or hardware replacement.
  • All applications are tested and compatibility issues are either resolved, the application is replaced, or a work-around is established.
  • Training is budgeted and approved.
  • Proper planning is completed to ensure a smooth transition.

However, organizations with limited budgets might not be able to invest fully in this process; they likely need to add a computer or two, right now.

For those already using Windows 8.x:

  • Applications and device drivers that work with Windows 8.x will likely work with Windows 10 (since the underlying framework is similar in both editions).
  • You can use the Windows 8.1 Upgrade Assistant to help identify application- compatibility issues with Windows 8.1, which will also be an issue with Windows 10.

Unfortunately, there is no substitute for testing; put in the time and do it right!

Often, it can be more effective to replace an aging printer (or similar device) than to try and make it work with a new version of Windows; the time to research, locate, install new device drivers (if they exist), test, and then update all migrated workstations can easily exceed the cost of deploying a new, modern device (with more features and greater functionality).

Training is necessary:  Group sessions to introduce the basics and answer questions are effective in getting things started.  Follow-up, small-group training or individual hand-holding can alleviate fears and improve productivity.

For training, Microsoft offers free, Windows 10 training resources.
Now, later, or never

Basically, if you use Windows-based applications, you main options are:

  • Upgrade to Windows 10 without charge by July 29, 2016
  • Leave Windows-desktop entirely
  • Don’t change anything, ever

Microsoft is allowing anyone with a qualified and genuine copy of Windows 7 or Windows 8/8.1 to upgrade to Windows 10 for free through July 29, 2016.  So, you can upgrade your existing equipment without licensing fees once you have completed compatibility testing, training, etc.

The second option, leave Windows, suggests one of two courses of action:

  • Switch to a non-Microsoft-dependent application.
  • Use a virtual environment to provide Windows-based applications. You can deploy these applications through a virtual server, either on-premise or remotely (i.e.:  via Bryley’s Hosted Cloud Server) that can provide access to your Windows-based application by running it on an older, Windows-based operating system.

The last option is extreme; it can work for a number of years, particularly if you are not replacing desktop computers, but will eventually require a change.  Basically, you are avoiding the inevitable.

We have begun the planning and application testing for our Windows 10 rollout; I’ll update our progress in future issues.

Visit “How to upgrade to Windows 10 from Windows 8.1” by Ed Tittle in the February 12th edition of CIO and Preston Gralla’s article: “Excited About the Imminent Release of Windows 10? You Might Want to Wait” in the July 21st issue of ComputerWorld.

Bryley Basics: Free anti-malware plug-in for WordPress

Intel Security’s McAfee group now offers a free McAfee SECURE certification plug-in for WordPress-based websites.  This plug-in protects WordPress websites from unwanted malware while site-visitors can verify a site’s integrity.

McAfee Secure Icon

The free version covers the first 500 site-visitors each month; a paid version (about $80 per month) accommodates more than 500 visitors and allows for some different themes for the trust-mark itself.

James Wheeler, our Internet Marketing Associate, installed the plug-in in May; at first, it did not initially deploy the trust-mark properly, but has since been working reliably at Bryley.com since early June.

Livingstones participate as judges at the STEM Expo at Marlboro High School

The June 12th STEM (Science, Technology, Engineering and Mathematics) Expo at Marlboro High School featured interdisciplinary-team research projects on “Going Green at Marlborough High School” (9th graders) and “How to Reach and Colonize Mars” (10th graders).  These research projects were the culmination of a semester of intense, independent, original research.

About 40 professionals from different companies, including Cathy and Gavin Livingstone of Bryley Systems, judged these works based on understanding, originality, and presentation.

Microsoft Windows 10

Microsoft is releasing Windows 10 on July 29th.  It is available as a free upgrade to licensed users of Windows 7 and Windows 8.1 through the Get Windows 10 (GWX) application which is part of Windows Updates.  (Note: Some companies, including Bryley Systems, are temporarily blocking this update to permit a controlled migration to Windows 10.)

To minimize bandwidth and processing disruptions, those who reserve now for this 3Gb upgrade periodically receive parts of it until the entire upgrade is downloaded and ready for installation on 7/29/2015.

Windows 10 will run most Windows XP applications.  The Windows 10 Home Edition will likely sell at $119; the Pro edition at $199.

Read the article from Mark Hachman at PCWorld “It’s official: Microsoft Says You Can Download the Final Version of Windows 10 on July 29.”

Recommended Practices: IT security cheat-sheet

This is a multi-part series on recommended IT practices for organizations and their end-users.  Additional parts will be included in upcoming newsletters.

All organizations are at risk of a breach in IT security, whether externally (by a party outside the organization’s computer network) or internally (by a person connected to the organization’s computer network); studies show that even small companies are targeted externally, primarily because they are more vulnerable than larger organizations who can dedicate resources to combat external threats.

Organizations take great efforts to secure their data; they have firewalls, spam blockers, anti-malware applications, intrusion detection, etc.  However, the greatest threat comes from within:  End-users often inadvertently introduce malware (via web browsing or email-attachment clicking), which can spread across the network or attack confidential data.

Effective IT security requires a layered approach; it is comprised of multiple solutions at different points-of-entry and areas of concern.  It must be setup properly, but must also be continually monitored and then updated as appropriate.  Security should be periodically reviewed by an IT expert and, if budget permits, tested to ensure what is expected is what is received.

Effective IT security also requires ongoing training for all users and monitoring and enforcement of usage policies.

For an overview on IT security, I recommend viewing Derrick Hughes’ “Ten Ways To Prevent a Data Breach and Secure Your Small Business” in The Globe and Mail.

Here is our checklist, organized by security concern:

1.) Computer network:

  • Deploy, update, and monitor stand-alone firewall(s) between all external networks (IE: Internet) and the organization’s network.
  • Deploy, update, and monitor an email/spam-protection capability.
  • Deploy, update, and monitor an event-log management capability.
  • Deploy, update, and monitor intrusion-prevention/detection capability.
  • Lock-down wireless access points.

The first line-of-defense from external threats is a professional-grade, stand-alone firewall configured to refuse unwanted traffic from external sources while permitting only desirable connections.  It should be supplemented with email/spam protection; either as a Cloud-based service or via an internal appliance.  Event-log management and intrusion prevention/detection are also available either as a service or appliance; both are recommended, but budget versus benefits must be considered.

Enable Service Set Identifier (SSID) for internal-use wireless access points.

2.) Servers, their operating systems, and their applications:

  • Test and then install all recommended security patches/firmware updates.
  • Manage operating system and application security-updates continually.
  • Deploy, update, and monitor anti-malware application on all servers.
  • Monitor continuously and review periodically for anomalies.

Servers, whether in-house or Cloud-based, contain not only valuable data, but also end-user information (usernames, passwords, profiles, etc.) that can be manipulated and used to infiltrate.  They, their operating systems, and server-based applications, must be aggressively patched, protected through anti-malware, and monitored continuously.

Anomalies in performance and event logs can highlight potential security risks; both should be reviewed periodically.

3.) Data:

  • Identify at-risk data and its location; keep only what you need.
  • Outsource payment processing to a reliable, third-party partner.
  • Verify security of vendors and partners with access to your data.
  • Where performance permits; encrypt data at-rest and in-motion.
  • Deploy an encrypted backup solution with onsite and offsite storage.

Company data should be classified as to its value and stored accordingly.  It is best always encrypted, although many organizations might not have the processing power to permit such.

Rather than process payments onsite, many third-party vendors provide this service, but they should be verified before engaging.

Data backups should be encrypted and follow the 3-2-1 rule for reliability:

  • Three copies of important data
  • Two different media types
  • One copy offsite

4.) End-user devices, operating systems, and applications:

  • Manage operating system and application security-updates continually.
  • Deploy, monitor, and update anti-malware app(s) on all end-user devices.
  • Test and install security-required firmware updates to end-user devices.

End-user devices are a primary target; they are difficult to secure and change continually.  However, end-user tools also share some blame:  Karen A. Frenkel of CIO Insight writes in “How Malware Bypasses Detection Tools” that 81% of IT professionals believe that web-browser-initiated malware can remain undetected by security tools and that the primary attack vector is an insecure web browser.

End-user devices, their operating systems and their applications must also be aggressively patched, protected through anti-malware, and monitored continuously.

Occasionally, a manufacturer will issue an alert for a security-required update to an end-user device, which should be applied as soon as possible.

5.) Usage:

  • Lock-down user rights to restrict data access to as-needed basis.
  • Require complex passwords with forced, periodic changes.
  • Enforce periodic time-outs when computer is left unattended.
  • Separate social-media browsing from financial-data handling.
  • Require two-factor authentication for all online transactions.
  • Create end-user policy detailing appropriate Internet use.
  • Create end-user policy on how-to protect sensitive data.
  • Enable web-monitoring capability to enforce policies.
  • Protect email via encryption (as needed).

Data should be restricted, preferably by need-to-know.  (Crypto Locker can initially only attack data available to the end-user introducing this virus.)  Complex passwords with periodic changes can restrict untrusted access while forced time-outs keep private information from unwanted eyes.

Setup a separate login account or device for access to financial-data.  All online financial transactions must have two-factor authentication.

Policies should exist to inform end-users; they can be enforced through web-monitoring solutions.

Sensitive emails should be encrypted (via a service or appliance) while sensitive documents can be transferred via a secure FTP site.

6.) Training:

  • Define an organization’s best practices for IT security.
  • Demonstrate how to spot an unwanted ad while browsing.
  • Train users how to verify a website link (before clicking it).
  • Show how to verify an email attachment (before opening it).
  • Train users to check the address of an email’s sender/source.

Data breaches occur due to the inadvertent introduction of malware, sometimes through the failure to comply with policies designed to limit inappropriate behavior, but often through a lack of IT-security knowledge and training.

50% of corporate employees do not consider IT security to be their responsibility; Millennials are at greater risk than Baby Boomers due to their use of company devices for personal use (64%) and willingness to change default settings (35%).  (These findings are highlighted in Karen A. Frenkel’s of CIO Insights “Millennials Pose a Greater Security Risk”.)

The more training, the better.  Initial training should be acknowledged by the recipient and then tested for knowledge gained.  Security training should be repeated periodically; preferably at least annually.

7.) Maintain a Written Information Security Plan (WISP):

  • Assign a responsible person.
  • Define and announce the WISP.
  • Review WISP periodically (at least annually).
  • Document changes to WISP when they occur.
  • Periodically test, assess, and rework policies and procedures.

The Commonwealth of Massachusetts, under statute 201 CMR 17.00, requires a WISP for all organizations that hold personal information on any Massachusetts resident.  The WISP must be assigned to an Information Security Manager, periodically reviewed, and changes must be documented.  All WISP policies and procedures must be periodically tested, assessed, and reworked as needed to ensure maximum, ongoing protection.

Watch Bryley Systems’ 201 CMR 17.00 Seminar.