IT Support Blog for Small Business Owners

Did You Budget for Increased IT Support Costs This Year?

Posted by Michael Silverman on Mon, Feb 03, 2014

Windows XPLast month, I blogged about Technology Management strategies and how to link good IT management back to a predictable IT budget.  This April brings not only its usual tax day, but, crucial for IT management and business continuity, the end of support for the Microsoft Windows XP operating system.  Unless you’re in the minority, look around, you’ll see Windows XP desktops or laptops.  So what’s the end of support for XP have to do with increased network management costs?  It means you’re going to need to upgrade old computers or risk unplanned downtime due to an exploited unsupported operating system.

Microsoft has stated that “after April 8, Windows XP Service Pack 3 (SP3) customers will no longer receive new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates.  This means that any new vulnerability discovered in Windows XP after its ‘end of life’ will not be addressed by new security updates from Microsoft.”  IT security is a leap frogging game between those desiring to attack a computer or network and those tasked with protecting it.

The graphic below illustrates the typical IT management strategy for protecting a computer or network.  Security systems are designed to prevent attacks, but what happens if an attack is not detected? Computer systems can screech to a halt and valuable data can be lost.

IT Virus Detection, Response, Prevention 

For years I’ve expressed to clients that someone needs to be the first to get a new virus, or be the victim of a software security flaw before patches or updates can be introduced.  About four years ago, one of my clients was one of the first to get hit with a new virus.  It was identified by Symantec two days prior and the virus definition update, the response, had not yet been released.  Fortunately, there were good monitoring controls in place and we were able to limit the damage until Symantec got us the interim software release.  The net effect was limited downtime and minimal loss of productivity.

Now let’s fast forward to April 2014.  You’re a small business, say 40 employees, all with Windows XP desktops.  One of your employees innocently goes to a web site with a corrupt display ad designed to exploit a Windows XP flaw.  It attacks their computer and begins spreading throughout your network.  What might you expect?

  • IT Productivity could drop to a crawl; 40 employees times $100 an hour burden rate will cost the business $4,000 an hour.  Can the technicians eliminate the issue in an hour?  Probably not; could take a couple of hours just to identify the root cause.
  • Do you have a solid business continuity plan addressing these kinds of issues?  If you have a remote worker strategy leveraging Citrix, you might be able to get partially back in business in a few hours; now maybe up to $20,000 in lost productivity.
  • The IT team says, “We’ve got no choice but to upgrade to a supported operating system like Windows 7 or Windows 8.”  Ugh, now you’re hitting cash flow.  The upgrade could cost $6,000 to $12,000 to purchase, but how much longer to deploy it?  Couple of days to get everyone back on-line? There’s $60,000 in lost labor, but what about lost business?
  • Maybe your computers are too old to run the new operating system.  Now you’re spending $32,000 in new computers, another couple of days lost labor, $60,000 plus labor to deploy the new machines, and more lost business.

Get the picture?  It’s just not worth it.  The pennies saved while everything works can cost you thousands without any advance notice.  Talk to your IT support company, IT consultant, and your peers.  The gamble just isn’t worth the price.

And it’s not just Windows XP.  Every piece of technology linking your network exposes you to some degree of risk as it reaches its end of life.  Do you have an IT strategy or lifecycle management plan in place to mitigate these risks?  Want perspectives?  Check out my recent blog about technology management or just drop me a line.  

 

Request A Free Network Assessment

Topics: IT Support, Windows XP, IT Productivity, IT Strategy

Dreaded Deadlines April 15 “Taxes” and April 8 “End of XP IT Support”

Posted by Scott Persechino on Sun, Jan 19, 2014

no xp support resized 600The deadline we are typically concerned about in April is the 15th – Tax Day.  Here in calendar year 2014, business owners, IT personnel, and IT outsourcers are also preoccupied with another deadline, this one on April 8th – the end of Microsoft XP Support.  If you have not already heard, on April 8th, 2014, Microsoft will officially end Windows XP operating system’s life cycle. Microsoft has stated that it will no longer sell or support Windows XP and Office 2003.

There will be no automatic fixes, updates, free assisted online technical support, or security updates.  And if the statistics are anywhere near correct, experts are stating that for businesses with 5-250 employees, only 55% of them know about the end of XP, and 70% have no idea what migrating off XP will involve, or how it will impact their business!  This is pretty scary stuff—today is January 19th!  How many employees are in your company?  Do you have a plan?  If not, please take this situation seriously, because if any of your computers are still running XP, your business could be negatively impacted, with some very serious consequences.  Consider the following items and the potential impact to your business:   

  • Security Risks: Without question, XP security vulnerabilities present the greatest threat to your business. Without the security enhancements provided by an updated XP operating system, all of your business data and personal information are subject to harmful viruses and spy ware.  On April 9th, hackers will very likely have more information about vulnerabilities in Windows XP than the IT folks who are trying to protect the computers still running this operating system.  In fact, there is a strong likelihood that malicious viruses will be unleashed on XPs on April 9th, leaving unprotected computers “dead in the water.”  Viruses will very likely be spreading quickly over the Internet, and potentially onto your internal network, to any PCs still operating on XP.  Please don’t be that business owner consumed with thinking about a virus spreading through all the computers that keep your business running. Take proactive steps with your IT provider instead, and “Be Off Microsoft XP.”
  • Compliance Issues: For many businesses, continuing to operate XP could result in compliance issues leading to the suspension of certifications, and potential public notifications of an organization’s inability to securely maintain its systems and customer information.  Think about what is happening to Target and Neiman Marcus currently. Do you want to run the risk of compliance problems placing your business in legal peril and seriously damaging its reputation?  Your business has only one reputation. Don’t run the risk of tainting it by ignoring the XP issue.
  • Upgrade Expenses: As a business owner trying to control costs, are you concerned that an upgrade will be too expensive? If so, please reconsider. Some experts are viewing businesses that continue to run XP as irresponsible, and a serious liability. There is no doubt that problems are going to arise, and they may end up costing your business significantly more than the prudent XP upgrade, not to mention the potential downtime of your operation.
  • Custom Support Available for a Price: Many business owners are in denial about the end of XP, hearing that support will actually remain available after April 8, 2014.  True…but beware, as that support will be very expensive, and the reality is that it will be only a temporary band-aid.  Please don’t ignore this situation. This is not going to be another Y2K “non-event.” This one is real, and it will bite you if you don’t take action.

The interesting thing is that the “XP Lack of Support” also opens up other questions and opportunities for discussion.  Microsoft is assuming their XP customers will migrate to Windows 7 or 8.  Well, is this the time for your business to look more seriously at Apple MACs?  How about Linux?  Or do you do away with all of this, and move entirely towards tablets? 

All of these options come with a list of your standard “pros” and “cons.” It’s never easy.  All of these options are viable depending on your circumstances. Now is the time to be talking seriously to your IT provider about this important decision. You can file for an extension if you cannot meet the April 15th Tax Day deadline. There is no such option available for the XP deadline of April 8th.   Please take action now. ”Get Off Microsoft XP.” would you like to learn more? Register for our 30 minute webinar held this week to educate business owners on what the risks are and what your options are.

 

Register For The Webinar Today!

Topics: End of support for windows XP, Windows XP, End of Windows XP Support, End of 2003 support, Security threats facing small businesses

End of Support for Windows XP. Time to say NO to XP

Posted by David S. Mulvey on Thu, Jan 09, 2014

End of support for Windows XPOn April 8, 2014, Microsoft is officially retiring Windows XP and Office 2003. As Windows XP comes to the end of its life, desktops and servers all around the world will feel the effects. Microsoft recently estimated that 25% of all Microsoft operating systems in use today are still using Windows XP! Fortunately, there are a couple things you can do if your applications depend on Windows XP.

With Windows XP's retirement party less than 90 days away, after April 8 any zero-day exploit released into the wild will run rampant on Windows XP systems while Microsoft watches on the sidelines; they will not offer any security patches to mitigate the security risk. When companies beg for a security fix, Microsoft will hold one document up: the lifecycle information for Windows XP with a Post-it note that shows we all had four years to move to Windows 7, to avoid a Windows XP exploit.

I am writing this blog to make certain my readers are well aware that you are quickly running out of both time and options when it comes to removing Windows XP from your company. Microsoft isn't the only company ditching XP. Not only can Microsoft wash its hands of Windows XP support, but so can all the custom software and Line-of-Business application companies that once supported Windows XP.

Assuming those companies stopped actively developing for the Operating System years ago, they are likely still supporting the applications that run on it. After Windows XP end of life on April 8, 2014, they'll have no reason to continue to support that version of their software. The implications of this reality run far and wide. Line-of-business software is surely affected, as are any other random software applications you are using.

Honestly, when was the last time you called any support company regarding Windows XP? It’s not that you will no longer be able to call and get technical support from Microsoft that really matters. What really is cause for concern is that Microsoft and security software vendors will likely stop patching, updating and supporting their software.

Why would companies such as McAfee, Symantec, Kaspersky or Trend Micro bother maintaining a product for an Operating System that is, for all intents, dead? Windows XP will still run, and it could be that their definition files will be updated with the latest viruses for a time, but do you think those companies will pay attention to viruses targeted toward XP after its retired? I think it is unlikely!

The bottom line is that running Windows XP in your organization on anything other than a desktop with no network connection, no floppy drive, no USB ports, or CD drive is an outright liability, bordering on irresponsible; you must insure that the machine cannot be attacked by any virus. Yes, there will be some unique software situations that will require it, but if you determine that your organization can't afford to get off Windows XP on the basis of support or cost, I believe you are wrong.

Let me be clear -- I love Windows XP; I distinctly remember running Windows XP on my early IBM AT computer with an AT-style keyboard. Still, it's now past the time to put Windows XP out to pasture.

There is at least one thing you can do, though, to extend the life of systems that depend on Windows XP: use a Windows Server 2003 R2. Windows Server 2003 R2 is essentially Windows XP Server, and while the Windows XP end of life date is April 8, 2014, the end of life for Server 2003 R2 comes 15 months after that: July 14, 2015. Since they are roughly the same OS, based on the same kernel, it's likely that anything you require XP for will work on Server 2003 R2 -- and that will buy you more than a year to figure things out.

The bottom line is that you're running out of both time and options when it comes to removing Windows XP from your company. But, whatever you do, make sure that Windows XP is off your network by April 8 2014. If you would like to learn more about what your next steps as a business owner should be; sign up for my 30 minute educational webinar below.

 

FREE IT Webinar Prepare for the End of XP Its Time to Take Action Click Here to Get Started

Topics: End of support for windows XP, windows 7

Do you have a potential IT Time Bomb in your office?

Posted by David S. Mulvey on Sat, Jan 04, 2014


Windows XP IT Time BombIn 90 days, on April 8, 2014 Microsoft will end extended support for Windows XP. This means that no additional security patches, bug fixes, or service packs will be released and that users will no longer have access to free or paid technical support.  Systems running XP won’t suddenly stop working on April 8, but they will become increasingly vulnerable and the source of additional problems to your company.  I doubt you have called Microsoft for XP support for years, so why is this a big deal? 

Well it’s not that Microsoft will no longer take a support call for Windows XP; the real issue is that new security exploits that come along for XP will no longer be corrected by Microsoft.  Microsoft finds and corrects hundreds of security exploits within their operating systems every month; when your PC downloads a new Microsoft Patch; you are receiving the security corrections to harden your system from attack.  On April 8, 2014, Windows XP will be open season for security hacks, data hijacks and other vulnerabilities.  You simply must protect yourself and your company data by removing all of your Windows XP machines from production!

IT Security: The sudden absence of support for XP leaves a void that will likely be filled by a slew of old or soon to be exploited vulnerabilities that will subsequently give rise to a new crop of security exploits that target Windows XP systems.  Without continuing security updates; older operating systems like Windows XP typically have more exploit activity due to the fact that the malicious code will have ample time to mature, circulate and infect your machines.  There are also other reasons for considering removing your XP machines from production.

IT Performance: Todays modern PCs have features that were nonexistent when service pack enhancements for Windows XP were discontinued.  Today’s PCs include WIFI, Bluetooth, faster USB ports, and high resolution video graphics and touchscreen capabilities.  Many of these features are either poorly supported or not supported at all by Windows XP Professional.  Converting your old Windows XP machines over to Windows 7 can bring a huge performance boost.  You will get the benefits of better device drivers, high speed WIFI, faster USB 3.0 ports, and double software speed execution with 64 bit software support. 

Office 2003: Unfortunately, Office 2003 is at the end of support with Microsoft. So, much like Windows XP, you need to determine if your company is still using Office 2003 which includes 2003 Word, 2003 Excel and 2003 Outlook.  With all of this software becoming essential obsolete and worse than that, a liability to have on your network, what should you do? 

Windows 7 or Windows 8? Peter Klein the CFO for Microsoft said, “If enterprises are holding off on Windows 8, they are still embracing Windows 7 as an upgrade solution.”  He continues, “This quarter we saw continued progress from the transition of Windows XP to Windows 7.  Now, two-thirds of all enterprise desktops are running Windows 7.” ANP agrees that Windows 7 is the perfect replacement for Windows XP.  Windows 7 will be supported by Microsoft until October 13, 2020, which is far more time than a new PC bought today will be in service.

Next Steps: Take a careful look at your Windows servers and desktops and determine if you have any Windows XP still running on your company devices.  If so, upgrade the machine and operating system at the same time.  If you are not sure or don’t know how to take inventory of all of your Microsoft software you can reach out to ANP; we would be happy to help you in the assessment and also in the upgrade process.

Attend our IT Webinar: During our free 30 minute IT webinar we will dive deeper into the potential risks of not migrating out your old Windows XP machines and explain three Windows 7 migration strategies and why one might be perfect for your company. Sign up for the 30 minute webinar below: 

FREE IT Webinar Prepare for the End of XP Its Time to Take Action Click Here to Get Started

Topics: Windows XP, End of Windows XP Support, IT Time Bomb, Microsoft Windows 7

IT Technology Lifecycle Management for Small Business

Posted by Michael Silverman on Fri, Dec 27, 2013

IT Technology ChangeThose who know me know I believe that business requirements drive technology investments (not the other way around).  So let’s assume everyone agrees with me on that, but what about managing existing technology investments?  A few of the more common technology management scenarios we see in small businesses include:

 

  • Upgrading when the existing technology literally fails and becomes unusable

  • When a visiting engineer tells you, “Houston, we’ve got a problem”

  • When introducing a new business application, the vendor “requires” new equipment

     

IT managers, or outsourced Managed Service Providers, should always steer management with technology management recommendations proactively.  Hardware does get older; new software versions come along; hardware and software even becomes obsolete.  Lifecycle management is a subset of technology management and should be reviewed regularly by either internal staff or your outsourced Virtual Chief Information Officer.  I utilize a Risk Assessment worksheet to document everything critical to my client’s IT environment from hardware to software, local and remote technology.  Some of the considerations, beyond business drivers, include the physical age, performance metrics, end of life, and end of support data for hardware and software.

So, you might ask, “what’s the risk to my small business if I’m not managing and attending to my technology’s lifecycles?”  Worst case is you’re exposing the business to unplanned downtime.  One of the most common examples is an expiring agreement.  Virtually every business has a domain name used for accessing a web site and managing the flow of email.  If the registration for your domain name expires, the business is not only at risk of disruption of email flow or access to the web site, but another organization or individual can actually take ownership of your domain name, forcing you to find a new name.  Some other expiring agreements associated with lifecycle management include SSL certificates (equally as disruptive as domain names) and both hardware and software maintenance agreements. 

Second in line to expiring agreements is dated hardware or software.  Let’s start with hardware.  In general, my greatest concerns about hardware reliability occurs right after new equipment is deployed and after 3-4 years of its useful life.  The graph below provides an illustration of the typical lifecycle of a piece of equipment.  During the first 90 days or so, there’s a risk of premature failure.  ANP will “burn-in” new equipment for a series of days to try to catch this potential risk.  Once through the first 3-6 months, failure rates become quite infrequent.  As equipment ages beyond 3-4 years, the risk of a component failure dramatically increases.  This risk can be mitigated through effective business continuity planning.  We’ll typically leverage redundant components and systems in our designs and discuss the cost/benefit relationship to insure the client is making the most prudent business decision.

 


lifecycle management

The last aspect of technology lifecycle planning is driven by the manufacturers and software developers.   It’s referred to as End of Life and End of Support.  Many of the major manufacturers publish End of Life documents.  I’ve included a few common manufacturer links to their lifecycle web pages.  One of the most notable, near term events, is the pending Microsoft Windows XP SP3 End of Support date, April 8, 2014.  This means that as of April 8th, Microsoft will no longer provide automatic fixes, updates, online technical assistance or, most importantly, security patches, potentially leaving your business vulnerable to virus attacks or security breaches.

Technology Management Guidelines

Although every businesses situation is different, the following guidelines provide a good rule of thumb:

  • Upgrade desktops every 5-6 years, including upgrading operating systems and the Office suite.  For the next upgrade, evaluate the feasibility of thin clients or virtual desktops

  • Upgrade key physical servers every 4 years.

  • If you’ve begin to virtualize servers:

    • Upgrade virtual guest servers based upon the application vendor’s guidelines

    • Configure the virtual host servers “N+1” so you can function if one server fails; stagger purchase dates; monitor performance, then replace upon failure of a host unless performance dictates.

  • Storage systems should be evaluated at the 5-year mark
  • Network switches:  At end of support, usually 5 years
  • Routers, Firewalls: At the end of software maintenence

In summary, it doesn’t matter whether you’re large or small, driven by technology, or just consider it a necessary evil; you need to have a Technology Lifecycle Management strategy.  I’ll leave you with a few guidelines and resources.  As always, drop me a note if you’d like to discuss lifecycle strategies, or request a free network assessment to determine where your IT equipment is on the lifecycle graph.

 

Request A Free Network Assessment

Resources

Topics: Business IT, IT Assessment, Business technology, Managed Service Provider, IT Technology, Lifecycle management

How does a Business Owner Insure IT Security with Employees?

Posted by Scott Persechino on Sun, Dec 22, 2013

IT SecurityHaving worked in the technology field for many years, I’ve developed a certain perspective regarding the security of technology devices in my office and in my home…and frankly, I’m not sure if it’s “healthy” or “unhealthy”.  Here in my office, if I take a look at the devices connected around me, I see a computer with connections to internal resources as well as external Internet- and cloud-based resources; I see a little USB drive hanging off my computer; I see a smart phone with all sorts of applications loaded on it; I see an IP-based phone, with voice mail, and all sorts of other capabilities.  At home, I have a cable modem, a little wireless router, a few cable boxes, telephones with voice mail service, and a couple of smart appliances.  Although all of these devices are either essential for me to be able to do my job…or help make my time at home be more convenient and enjoyable, I can’t help but think they all have one thing in common…and that is all of these devices can be hacked!

The simple truth is that if you can plug it in, or connect it to a “network”, your device, no matter what it is, can be taken over by someone else. And the truth is that someone doesn’t have to be an experienced hacker to do some serious damage…either on purpose or by accident.

Frankly, I’m a minimalist when it comes to technology…I want to turn things on and have them work.  I don’t need every fancy attribute, but I expect that my equipment will work, and I don’t need any hassles with hackers.  Part of what makes new technology so exciting is that, unlike the old days, it works right out of the box. Now any “non-techie” can download just about any application very easily, and it just works.  However, with this “tech world” being more accessible, it also becomes more problematic…and the hackers love it!

Take a look at a quick list of devices that “experts” think will be vulnerable over the next few years as the Internet of Things becomes more widespread.  Here are the pretty obvious items: smart phones; smart watches; office computers; tablets; home computers; the cloud (services, storage, software); ATMs at banks; printers; GPS devices; Wi-Fi routers; web cams; thumb and portable USB drives; cable box or DVR; voice mail (especially those with a global call-in numbers that don’t lock out after successive failed attempts)

But how about these “less obvious” items…these might be the “hack-able” devices of the future: power strips (today, they can be infected with malware); power cords for your devices (software code can be implanted now); luggage trackers (such as the Trakdot); connected glasses (Google Glass); gaming consoles: PS3, Kinect, Nintendo; refrigerators (such as Samsung); cars with computer operating systems; smart pens (like the Livescribe); gesture control devices (such as the Leap); cameras; smart alarm clocks; coffee makers; key fobs; light switches; moisture sensors; traffic lights (MIRT transmitters can change lights to green in two to three seconds); highway signs that spell out text  And I didn’t even mention medical devices, which are frighteningly exposed to hackers.

The proliferation of all this technology creates a constant need to keep devices updated and secure. For small- to medium-sized business owners in particular, where your internal IT support may be minimal and less-experienced at best, you are uniquely vulnerable.  Experts believe the most vulnerable device in any American house is the cable box, because it is so rarely updated.  However, if a hacker takes out your cable box, the damage is pretty well contained…hopefully.  Yet, if a hacker takes out your company’s server, or critical workstations are compromised, it could bring your company to its knees, and potentially put you out of business.

If what I’m saying makes you uneasy, you’re not alone. So how should we think about our constant vulnerability? Whether it’s “healthy or unhealthy”, I make a daily assumption that everything I do is hack-able.  I have an awareness of potential vulnerabilities, and I’m trying to develop an evolving set of street smarts…all business owners should as well.

For example, when you’re traveling and working on the road, consider carrying your own Wi-Fi hotspot. You can use a secure virtual private network (VPN) to send and receive email, and to access content that you have stored in the cloud. (Truth be told, that network can be hacked too, but at least your IT person or your managed services provider can watch the logs of what information is coming and going, and attempt to fight off intruders.)

Another good rule of thumb is to keep your network cloaked, meaning, don’t name it “Joe’s Hotspot”, if your name is Joe Smith.  As a managed service provider who performs regular network assessments for prospects, we routinely look at networks, and are astonished to see how many people use their own names or the names of their companies in their naming conventions. One approach is to change the names of all your devices to your mobile phone number. That way, if your laptop is lost or stolen for example, someone will see a phone number rather than your name, and perhaps there will be less of an incentive to poke around your machine to see what’s there.

Another idea is to use passwords that are easy to remember, but difficult to crack. Experts say you’re best off with a long phrase that also includes numbers and at least one capital letter. For example, something like “Iwant99pizzasand12sodasfordinnertonight” is actually more secure than “Gx1U2y,” because the algorithms that are used to crack passwords have to process many more computations when the password is longer.  Speaking of passwords, as much of a pain as it is, please change them regularly…weekly is recommended. It should go without saying that each one of your networks and devices should have a different password. When was the last time you changed yours?  Since I know you’re wondering: there is no workaround for this and no way to short-cut the management of your own passwords.  Again, another function you could look to your managed services provider for assistance.

Another good rule is to turn off your peripherals when they’re not in use, including printers.  Same goes for nonessentials on your network, such as additional computers, game consoles, and the like. The more things you have plugged in, the more opportunities there are for penetration. Be cognizant of who’s plugging “what” into your network. An innocent-looking thumb drive can destroy your computer within seconds…scary.

The good “healthy” news is that the “tech world” is open to all, offering fantastic business opportunities “in the office”…not to mention that it teach kids how to use and control the many devices that are undeniably tied to their futures “at home”.  The truth is that open networks are vital to innovation…however, the “unhealthy” truth is that they aren’t totally secure…and probably never will be…

It is incumbent upon a business owner to insure himself that as his company data is proliferated over smart phones, home networks, everything remains secure! ANP can help you evaluate if in fact you have everything secured, what happens when an employees laptop or smart phone is stolen; can your company wipe off the data? ANP can help, check out our free network assessment below.

 Request A Free Network Assessment

Topics: IT Technology, IT security, Business Owners, Virtual Private network, home network, security of your company

The Strategic Value of a CEO Peer Group to the Small Business Owner

Posted by David S. Mulvey on Sat, Dec 07, 2013

CEO Peer GroupIt is lonely at the top and the CEO is expected to have all the answers.  A CEO Peer Group helps the CEO by acting as a sounding board, a brainstorming group, and sometimes as the necessary harsh critic who points out what you can't see for yourself.  We have always heard that many heads are better than one.  Have you considered that a CEO Peer Group might help you become a better leader, make better decisions and get better business results?

Joining a CEO Peer Group may seem like an activity viable only for large corporations that spend thousands on expensive consulting engagements.  But CEO Peer Group benefits extend into the realm of small business as well.  A CEO Peer Group can be the perfect opportunity to share with, learn from, and collaborate with other executives in your region.  The experience can be eye-opening and enlightening and can impart a number of specific benefits; I speak from experience as an eleven-year CEO Peer Group veteran.

First, a broad spectrum of perspectives is one of the most prominent benefits a CEO Peer Group can offer your small business.  A CEO Peer Group will include CEOs in all sorts of industries, with big and small companies.  You might be surprised at how relevant the issues of a CEO in a different industry or region can be to your business.  This fact was counterintuitive to me and was the primary reason why I avoided joining a CEO Peer Group for decades.  How, I thought, could a CEO in the Food industry possibly help me in the IT industry?  A CEO Peer Group will give you the opportunity to present individual challenges or dilemmas to seasoned business individuals who can provide unique and fresh perspectives.  For example, I was encouraged to focus on hiring an Operations Manager from my group as they saw me spending too much time on running the business.  I have also been encouraged to focus on building a stronger management team.

ANP offers a Virtual CIO periodic meeting to our outsourced clients, in many ways it is a peer group of IT professionals providing you and your business with strategic IT advice.  You have a strategic IT professional who can discuss business issues with you and turn those conversations into actionable technology projects.  Or you could elect to sit down and allow ANP to take you through a seven step strategic session to discover your technology gaps.  ANP also offers a free IT audit and network assessment which can report back a snapshot of how your company technology is setup and running, its a free IT report card. The same type of process occurs in a CEO peer group, an issue is brought to the group and "processed," using a best practice methodology providing you with a great amount of value.

Secondly, your CEO Peer Group will give you the opportunity to discuss strategy, vision, and the big picture.  You spend enough time worrying about day-to-day dilemmas while interacting inside your organization, so use this time with your peers to discuss and analyze broader issues.  You have heard the expression that a CEO should work “on” the business not “in” it?  Receiving honest input from multiple sources in your CEO Peer Group can help you form a more accurate picture of your industry and the market as a whole than is possible from the narrow view of your individual business.  Small businesses especially can fall victim to getting too wrapped up in little issues to focus any attention on the big picture.  Don't miss the chance to step out and analyze your company from a broader perspective.

Finally, my CEO Peer Group has created a network of trust and accountability for my professional life.  It would be naive to think that all members of these groups are entirely honest with each other, but when openness is extended by all parties, a unique climate can be established.  Instead of the rivalry and secrecy that often enshroud inter-organizational interactions, you can now engage in encouragement, honesty and accountability with your business peers.  Use your CEO Peer Group to share week-by-week developments.  Explain what things from your last meeting worked and what things flopped.  Encourage others to do the same and you'll find that competitiveness quickly takes a back seat to collaboration.

CEO Peer Groups and forums are an excellent outlet for a small business CEO to share and learn.  With a diverse range of perspectives, a chance to step back and see the big picture, and a climate of honesty and accountability, these groups can help you take your organization and professional career to the next level.  I find that on months when I did not bring up an issue or challenge, I was still able to learn an enormous amount just by listening to the thoughts and ideas of my CEO peers!

CEO Peer Groups often serve as saviors to entrepreneurs who find themselves singing the lonely-at-the-top blues.  As CEOs we are not always going to hear what we need to hear from our employees.  A CEO can join a peer group because other CEOs will tell them what they need to hear, not just what they want to hear.  A CEO Peer Group is really like having an objective sounding board of CEOs whose only agenda is to help you and your business get better.

The power of a CEO group stems from the willingness of its members to share their cumulative experience and expertise.  Collectively, there are no blind spots; some CEOs are great sales people, some excel at product development and some are experts at running global businesses.  Some run local family businesses. What you need is diversity of industry, size and experience; by having that diversity in your peer group, everybody has someone who has been where they are trying to go.

If you would like to know more about a CEO Peer Group company, please fill out the ANP contact form and write “CEO Peer Group” in the notes section. I will personally see that you get a free call from a Vistage Peer Group chair, or simply call me and I would be happy to share my experiences with you.  You can reach me David S. Mulvey at (267) 628-1033. 

Schedule Your Strategic IT Session Now

Topics: CEO Peer Group, Virtual CIO, IT Assessment

Is your IT Service Provider in the Technology or the People Business?

Posted by David S. Mulvey on Wed, Dec 04, 2013

describe the imageThere is nothing more exciting than seeing a client achieve their business goals with technology; however, there is nothing better in life than watching your employees move from just doing a job to becoming wildly successful with our clients.  It’s exhilarating for me to see the maturity, excitement and confidence that are the direct result of client success.  As a business owner I bet you are used to hearing over and over the same employees names mentioned when it comes to success… I never hear that Server was amazing, or that Firewall saved me… but I often hear that engineer worked above and beyond what we ever expected of ANP!

So during this season of thanks giving I want to share the three most important people traits an IT company can possess… Does your IT Company lift these up in value?  There are three great characteristics that affirm your IT provider is in the people business, and not in the technology business:

1) Humility – My best employees and engineers are humble; you would never know when you meet them that there are some of the smartest and most talented engineers in Philadelphia.  They just work hard all day long; they roll up their sleeves and jump into our clients problems as if they were their own.  These employees know that our client’s success translates into their own success!  None of these great people rest even for a moment on their previous success stories.  Every day is a new challenge and a new chance to demonstrate how great they truly are!

2) Generosity – Great employees love to give back to their clients and to their own team.  They are great leaders and they rarely see themselves in that light.  They mentor new employees and new clients; they give freely of their time and talents without ever expecting anything in return other than the innate sense that they did the right thing.

3) Business Orientation – My best employees know their clients, and know how our clients get work done.  They are always in close contact with the employee or decision makers, they never hide behind a service request ticket status.  Many in our company, while once technical, have taken on business leadership roles and are willing to rely on the technical employees to make the technical decisions.  As a result our business people can focus on business results and not on the speeds-and-feeds of technology.

I for one am so thankful for the fine employees at ANP that focus everyday on our clients as people and not as a technical service issue.  How is your IT service provider performing did you a hire a technology company or a people company?  This is a great time of year to invest a moment to take stock!

Work With A Trusted IT Services Partner

Topics: IT Service Provider, Technology Business, People Business

Is Your Company Data Ready For An IT Disaster Recovery Test?

Posted by David S. Mulvey on Sun, Nov 24, 2013

Silent Data CorruptionUnfortunately, many companies that experience an IT “data loss event” also discover, at this critical time, that their backed-up data is corrupted and not restorable.  The fact is that data can become corrupted during the back-up process.  Therefore, most managed service IT providers offering back-up solutions for clients will perform data integrity checks at the time IT data is sent off site.  Though this is a good practice, and can provide a level of comfort for businesses, the truth is that data can also become corrupted over time while residing on spinning disk drives at an off-site location.  This type of occurrence, known in the industry as “silent data corruption,” is literally caused by the rotting of the storage media where the data is housed.  So even though businesses may feel they are “good” with their data backup, that actually may not be the case.

This is why IT data restorability “dry runs” or “backup plans” are critical.  Businesses need to verify on a periodic and regular basis, that the data they are backing up is actually recoverable.  Though these tests can be hardware intensive and time consuming, they are critical.  Business owners need to know that if they experience an IT “data loss event,” their data will be restored and their applications will resume in a reliable and predictable fashion.  The only way to be sure of this happening is to conduct periodic disaster recovery plan.

There are some sophisticated IT data protection solutions in the marketplace that can automatically verify the viability of data, not only when the data is written for the first time, but also on an ongoing basis.  This approach enables companies not only to detect and protect against data corruption during the initial backup process, but also to guard against this “bit rot” scenario over time. Having a disaster preparedness plan that includes silent data corruption is a key element in a disaster continuity plan!

The IT best practice is to transfer data from any spinning disk drives before the five-year time frame expires.  The probability of “bit rot” occurring goes up dramatically after five years.  Interestingly enough, good old fashion “tape” is the best approach for storing data for longer than five years.

Do an IT data “dry run” restore within your company. Or talk to your managed IT service provider about doing a disaster recovery test with you.  There would be nothing worse than experiencing a flood or fire at your company’s main location, and losing everything, including all of your data, true?  Well maybe there would be. What if, when you went to leverage your IT data backup to get your company back on its feet, you discovered the data was corrupted and unusable?  You could literally be out of business at that point.  Don’t let that happen to your company. Download our guide to preparing your own Disaster Recovery Plan:

 

5 Steps To Prepare Disaster Recovery

Topics: Disaster Recovery, IT Backups, IT Data Disaster, IT Best Practice, backup plan, disaster recovery plan

What is an IT audit and when do you need one?

Posted by Michael Silverman on Tue, Nov 19, 2013

IT Audit

There are many forces that may drive a business to conduct an IT audit. Compliance agencies, prospects, or even software developers may require one. Or you, as a business owner, may be proactively seeking ways to improve or better leverage your existing IT investments. Let’s expand on each of these briefly:

● Compliance agencies:  A growing number of sources—including HIPAA (healthcare), PCI (payment card/transaction), Sarbanes-Oxley (internal financial controls), and state privacy acts—have generated an increase in audits by accounting firms and related agencies.

● Prospects:  Increasingly, customers or prospects will request documented confirmation of the quality of your infrastructure, policies, and procedures, especially if you are doing business with larger corporations and leveraging EDI (Electronic Data Interchange).

●Software developers: Small businesses aren’t usually targeted, but it is not uncommon for a disgruntled employee to raise a flag triggering a software licensing audit, whether warranted or not.

● You, the business owner: IT can be something of an unknown entity. A proper IT audit will answer questions such as: Do I need to expand? Or, conversely, have I invested in unnecessary, inefficient, or outdated IT resources? Might outsourcing my IT be a better solution?  

What’s in an IT audit? 

All IT audits are focused on identifying risks of one type or another.  An IT audit could be strictly financial, more broadly focused on policies and procedures, or narrowly targeted toward the physical IT infrastructure itself. 

Financially-oriented IT audits are usually internally driven.  Management may be questioning the ROI (Return on Investment) of existing labor investments.  Are IT staff workloads increasing, while total employee headcount or sales remain static?  Are equipment upgrades being requested that budgets can’t support?  Are you experiencing project budget overruns, or have past projects not met expectations?  The IT audit process can answer these financially-oriented questions.

IT audits related to privacy policy may originate from either the Human Resources department or the IT department itself.  Issues of privacy are in the news almost daily.  Do you have a written privacy policy detailing how you manage and maintain employee and client data?  What controls are you leveraging to manage and mitigate a potential breach of your systems and potential loss of data considered private?  Do you have both a written policy and the necessary associated controls to manage your employees’ use of email and the internet? An IT audit can be used to review and update, or to create these policies.

Change management is not just an IT or Human Resources process, but a company management process. As employees come and go, is your IT department aware of all staff changes?  Are procedures in place to insure that terminated employees or interns no longer have access to your technology?  Do active employees have access only to the data and systems needed to perform their jobs?  What is your process for upgrading your primary line of business applications?  Is it as controlled as it should be?  Do you have an adequate “fall back” position in the event the upgrade goes south? An IT audit can be used to tighten up these change management procedures.     

Technical IT audits evaluate physical infrastructures: security systems; infrastructure design and configuration; equipment age and supportability; licensing compliance… The list can go on and on. Even if the physical components of your IT infrastructure make the grade, auditors will also want to understand your IT processes and procedures.  The absence of processes and procedures, or inconsistency in executing them, will draw the attention of auditors, but even more importantly, will increase your risk of business system outages.  At its core, an IT audit, however granular it may become, should be focused on understanding security vulnerabilities, capacity and end-of-life equipment risk, and disaster recovery / business continuity metrics.   

Should you be considering an IT audit?

If you’ve found that you yourself, your internal IT team, or your outsourced provider are unable to answer many of the above questions, or if you’re just not satisfied with the answers you receive, now is the time to begin planning an IT audit or Network Assessment of your systems, processes, and procedures.  The insights you will gain from this effort, whether you perform it yourself, or outsource it, will empower you to act from a position of greater strength.  The net result will be a clear picture of your operations, with discrete action items that will improve your business.

Request A Free Network Assessment

Topics: Business IT, IT Outsourcing, IT Audit

Subscribe By Entering Your Email

Follow ANP



Latest ANP Blogs

Browse by Category