Blog

Category Archives: Non-Profit

How to Establish Your Business Continuity Plan

Business Continuity Planning

Why Every Company Needs a Business Continuity Plan

A Business Continuity Plan is a formal document that outlines how your business will continue to operate during an unforeseen emergency. This includes a wide variety of events, such as:

  • Natural disasters (such as fire, flood, or earthquake);
  • Power outages (which can cripple a healthcare facility or manufacturer);
  • Virus outbreaks (like COVID-19);
  • Long-term internet disruption;
  • Cyberattack (which can compromise entire networks and expose sensitive client data, patents, patient history, and customer bank accounts);
  • Cloud provider outage;
  • Critical vendors being compromised or going out of business; or
  • The sudden loss of an owner or other key player.

A Business Continuity Plan can keep your business up and running during the worst of circumstances. It can also help protect your brand and retain customers, safeguarding your company over the long-term.

It’s a bit like insurance. You invest in it and hope you never need it. But when you do, a well-written Business Continuity Plan can mean the difference between protecting your livelihood and losing your business.

What You Should Include in a Business Continuity Plan

A comprehensive Business Continuity Plan (BCP) should include contingencies for everything from business processes and technology to human assets and physical locations. Specifically, it should contain:

  • Disaster Recovery Plans for every conceivable emergency scenario, detailing how critical operations will be maintained during short-term and long-term outages;
  • An Information Technology (IT) Disaster Recovery Plan, covering data security and accessibility, as well as software, hardware, and equipment requirements;
  • A Crisis Communications Plan, detailing how the company will communicate its situation to customers, patients, vendors, shareholders, and the general public;
  • An Employee Assistance Plan, outlining what management expects of employees during the emergency, and how they will support employees during the disruption.

The Four Areas of a Business Continuity Plan

Business Impact Analysis

A business impact analysis (BIA) is a systematic process used to evaluate the potential effects of an interruption to critical business operations. During this risk assessment, operational and financial consequences should be considered for different loss scenarios, capturing the impact of a pandemic versus a cyberattack, for example.

Here are a few important things to consider in a BIA:

  • Identify all critical business functions and processes. Record how each task is performed, who performs it, and the impact on the business should it be interrupted. Consider the effect for a day, a week, a month, and so on.
  • Identify key contacts for every department and division and their responsibilities.
  • Record the company’s organizational structure and identify alternate points of contact, should the structure be disrupted (for example, if a team leader were to become incapacitated).
  • Consider all vendors the business relies on. How would a business interruption impact them? How would you be affected if they had a business interruption? Identify “Plan B” vendors if they are critical to your operations.

There are many tools available to help create and organize a BIA, including questionnaires, data flow diagrams, and BIA software that can help you gather the necessary data.

Recovery Strategies 

After identifying the critical components, you must prioritize them. Identify what resources you have in place currently to protect the company from a negative consequence. Then conduct a gap analysis to determine what additional support you require to get things running again in the event of an emergency.

Keep in mind that recovery strategies may vary along with the disaster that has occurred. For example, if your network is compromised, who knows how to stop the breach and restore your backups? If you have to evacuate your space suddenly, how would you replicate your working environment?

Plan Development

This is the stage when everything comes together in a formal document that will ultimately be shared with all relevant personnel.

  • Document a framework for how recovery will take place, organized by department and solutions.
  • Develop a recovery team that will be responsible for oversight and coordination. All members should have copies of the plan on a flash drive and printed inside a binder.
  • Identify relocation plans, should your physical space become compromised, or an evacuation becomes necessary.
  • Consider manual workarounds for all critical processes, should your technology or machinery become compromised or inaccessible. For example, can scheduling or reporting be completed in an old-fashioned way (paper and pencil)? Should schedules, appointments, or deliveries be printed daily, so customers and patients can be contacted in the event of an office disruption?

In addition to the above, you will need a comprehensive IT Disaster Recovery Plan that addresses the company’s data, software, and hardware needs, as well as accessibility. For example, in the event of a cyberattack, how will you stop the breach, recover your data, and keep operations running in the process? Should your office be inaccessible for any reason, which employees can work from home, and how will they do so? You’ll need to consider remote access, security protocols, software and hardware needs, and much more.

Testing and Training 

Every aspect of a business continuity plan must be tested and proven. Everyone must know what is expected.

  • Begin by simulating different types of disasters. Ask yourself: what worked, what could have gone better, and what was forgotten?
  • Update the plans according to your findings, and test again.
  • Train staff on all relevant aspects of the plan, and ensure the processes are documented so new employees can quickly be brought up to speed (you never know if a disaster can happen during an employee’s first week).
  • Ensure there are multiple copies of the plans, on-site as well as off-site, in print as well as digital.
  • Update the plans as needed to account for new technologies, infrastructure, processes, team members, etc.

Failing to Prepare is Preparing to Fail

Businesses fall into three categories when it comes to business continuity planning:

  • Those with a formal plan are quickly able to resurrect their operations in the event of an emergency. It is likely these businesses already planned for work-from-home scenarios, and in the current pandemic, experienced minimal downtime.
  • Businesses with drafts of untested plans and loose guidelines may or may not be able to mitigate their losses. In the case of COVID, most companies had time to fill the gaps in their planning and get their teams operational. Had the emergency been an immediate shutdown due to a natural disaster or cyberattack, this group may have suffered more.
  • Businesses who have placed business continuity planning on the back burner, hoping never to have to deal with it, suffer the most. These companies are left exposed to business interruption, data loss, revenue loss, as well as eroding customer trust, long-term lost business, and a jeopardized brand.

Emergencies capable of crippling a business can happen at any time, to a business of any size. Don’t get caught unprepared. Feel free to contact us if you would like to discuss your Business Continuity Plan.


How to Work from Home Efficiently (Tips for Individuals and Organizations)

work from home

During this unprecedented time, nearly every business in America has transitioned to a work-from-home environment. This shift happened almost immediately and without notice. The transition has been harder for some organizations than others. This article describes the three most common ways organizations are set up for remote access and provides tips on how to ensure you and your team are working as efficiently and securely as possible.

These are the three most common ways that employees access their systems remotely:

  1. Your organization’s data is hosted in the cloud.
    Team members can easily access everything they need from virtually anywhere because all company data and programs are cloud-hosted. Organizations that have already made the jump to the cloud have had the smoothest transition to a remote workforce.
  2. You use a VPN (Virtual Private Network) to login to a server or desktop.
    In this scenario, employees are using VPN software to access the corporate network.
  3. You use remote control software to remote into your desktop.
    This option allows employees to access the computer in their office by using remote control software such as LogMeIn, GoToMyPC, or something similar.

In every scenario, there are fundamental things you need to consider to ensure you are working efficiently and securely.

Essential Things to Consider When Working from Home

Setting up an Efficient Workspace. Many of our office desks are equipped with multiple monitors, a docking station, a wireless keyboard and mouse, and a comfortable chair. Our company-supplied computers are usually robust and running the latest operating system. We have access to a corporate high-speed internet connection, commercial-grade printers, and all the office supplies needed to perform our jobs efficiently.  So how do you replicate this setup at home?

Here are some areas to focus on when setting up an efficient workspace at home:

  • Set yourself up in a room that allows for some privacy and separates you from typical family distractions. Make sure your workstation is ergonomically friendly and includes a comfortable chair and desk, as well as whatever office supplies you may need (e.g., pens, paper, stapler, etc.).
  • Confirm your home internet connection is robust enough to support your workflow. If using a secure home wireless network, make sure the room you are working in has proper coverage.
  • Will you be using an office computer or your home computer? Make sure your computer is robust enough and updated to the latest operating system.  (More on this later.)
  • Do you have all the right peripherals (i.e., a printer, scanner, webcam, additional monitor, etc.)? Make sure you have supplies for all these devices, such as ink, toner, paper, etc.

Security. Security plays a crucial role in maintaining a remote workforce successfully, no matter how you’re accessing your data. Hackers are paying attention to this opportunity. They know people are working from home in less secure environments than their offices, and they’re looking for ways to exploit this. It is important to remember that every individual’s home network provides an entry point into the corporate environment. Therefore, it is critical to secure every computer and home network. 

Here are a few things to confirm:

  • Are you working behind a firewall or secure router?
  • Is your wireless network secure?
  • Is your computer’s Operating System up-to-date and patched for vulnerabilities?
  • Does your computer have an up-to-date anti-virus program that runs regularly?
  • Be aware of an increased amount of spam and phishing attacks. Hackers are using this pandemic to get access to your personal information. 

Company Data, Applications, and Backup.  When working remotely, we may access data differently than when we are at the office.  Here are a few things to keep in mind when it comes to accessing company data and applications remotely:

  • Where are the applications and corresponding data stored?
  • How will you ensure that data is saved properly within the company’s structure, and not inadvertently on your local hard drive? Doing so would increase the likelihood of version control issues and even lost data once returning to work.
  • If you are saving data locally, are you backing it up?

Management, Communications, and Collaboration. When working remotely, it’s a little harder to pop by someone’s desk and ask them a quick question.  Cloud-based (VOIP) phone systems are perfectly designed for this type of situation. They are portable and allow you to remain as available as if you were in your office. Clients and co-workers can call you, and your extension will ring right in your own home office. 

Also, consider how you will communicate with your team members and supervisors. Will you host conference calls or video calls to maintain a sense of how things are progressing? Is it important to maintain a particular culture, encouraging individuals to live chat or get together for virtual happy hours?

There are numerous options available to do this, including Microsoft Teams, Zoom, Slack, Skype for Business, GoToMeeting, Google Hangouts, and UberConference, to name a few.


Clearly, numerous areas need to be considered when working from home and supporting a remote workforce. Do not hesitate to give us a call if you need guidance on how to create a more efficient and secure environment for your company and yourself.


Ransomware Protection Guide

Ransomware has become an epidemic in today’s IT world. It has locked down hospitals, universities, small businesses, and individuals all over the world. We’ve updated our Ransomware Protection Guide to include additional tips to help you protect yourself and your business.

What is Ransomware?

Ransomware is malware that infects your computer by locking access to your files until you pay a ransom – usually in Bitcoin. The malware typically gets on your computer through a malicious email or website. Hackers can also deliver it straight to your computer if it’s already been compromised.

Ransomware is replacing credit card theft as the number one scam for cyber criminals. Unfortunately, antivirus software alone is not enough to protect you from this threat. 

How Can I Protect My Data from Ransomware?

ACT recommends multiple layers of protection to defend against the latest risks. Here are some best practices to protect your network against ransomware:

  • Backups

    • If set up and maintained correctly, backups are the only guaranteed defense against ransomware. This goes beyond a periodic copy of your data. Best practices include snapshot image-based backups that are captured multiple times per day and kept securely both on-site and off-site.
  • Antivirus and Anti-malware Software

    • This is technology 101. Everyone needs to be running antivirus software on all their appliances…yes I said all. Desktops, laptops, iPhones, Androids, Macs, etc. Nothing is off-limits these days.
  • Firewall with UTM

    • In the old days, firewalls were the doors that kept the bad guys out. The problem now is that end-users are clicking on malicious emails and websites unknowingly, opening the door and inviting them in. Many firewalls today contain unified thread management features (UTM) that provide a suite of protection against today’s threats.
  • Operating System Security Updates and Service Packs

    • When was the last time your servers or workstations were updated? Microsoft is regularly releasing updates, patches, and security fixes to keep their operating systems up-to-date against vulnerabilities. Make sure you are installing them timely.
  • Email Security Software

    • If you find yourself weeding through dozens of junk emails on a daily basis, then it’s time to upgrade what you are using for email security. Cloud-based email security systems can stop threats before they ever make it to your company’s mail server. Spam, viruses, and malicious URLs are some of the easiest ways for ransomware to infect users.
  • Password Policies

    • Enforce strong password policies, encouraging passphrases, forcing employees to change passwords periodically, and not allowing them to reuse past passwords.
  • Multi-Factor Authentication

    • Use multi-factor authentication (MFA) for an extra layer of network security. Even if your passwords are stolen, MFA should prevent hackers from gaining access.
  • Domain Name System (DNS) Intelligence

    • DNS is the starting point for internet connectivity across all devices. Providers are now using DNS to secure networks in ways beyond the standard security products out there. This gives clients another layer of security across all platforms in their organization by protecting them from malware, botnets, phishing, and others.
  • Security Policies

    • One quick and easy way to help reduce the risk of ransomware on your network is to limit employees’ access to the network. There are a number of ways to do this. For example, you can remove permissions to specific files and folders, lock down desktops, and remove administrator roles for standard users, just to name a few. Keep in mind that malware can only access what the infected employee has access to. Thus, limiting employee access minimizes the threats.
  • Education

    • Employees are the front line to most businesses. Any email they open, attachment they click, or website they browse could be compromising the business. Many ransomware attacks can be prevented through employee education and training. This can be as simple as creating handouts for employees to review periodically, or maybe an occasional lunch-and-learn session. Remember, know before you click!
  • Did I Mention Backups Backups Backups?

    • Backups are so important that it has made the list twice. And don’t forget, the only way to truly know if your backups are working is to run a periodic test. Don’t wait until your network is compromised to find out that your backup may have failed.

So ask yourself: Is your business safe? Contact us to learn how a Security Assessment can help you determine how well your network is protected.


How to Develop a Strategic Technology Plan that Cuts Costs and Increases Profitability

Written technology plans are one of those things we rarely see when we visit clients for the first time. It is far more common for companies to simply incorporate a handful of technology needs into their business plan (if they have one) and have a single line item for IT inside their budget, to be spent as needed throughout the year.

Here’s the problem. Technology pervades everything we do. How we communicate, conduct research, create and archive mission critical documents, order supplies, and so much more is all made easier with the right technology (and infinitely harder when technology fails us).

That is why to remain successful and competitive in today’s environment, every type of company benefits from having a written strategic technology plan. When developed and implemented properly, the plan supports growth goals, streamlines operations, maximizes budgets, and increases profitability.

What to Include in Your Strategic Technology Plan

  • Written short- and long-term goals, along with a strategic plan to support those goals in a cost-efficient manner;
  • A budget that supports strategic investing — not reactive spending — to patch problems throughout the year;
  • Ongoing systems monitoring to proactively ensure everything is running smoothly, not an IT team that shows up only after a failure has occurred and disrupted your life;
  • An IT team that is well-versed in your industry and understands how you operate, including the ability to support your specialized software; and
  • A summary of all software needs, including a budget for training and support (where applicable). It should also reflect of the availability of niche discounts (often unadvertised – but they’re out there!)

Inside of the technology plan, we highly recommend you include a budget that covers your ongoing technology costs. Hardware, software and accessories are obvious inclusions. You should also allow for general maintenance, troubleshooting of servers, network and desktop issues, emergency fixes, vendor management, and consultations each year to review your environment and future needs. Managed Services packages are an ideal solution to help you do this in a cost-efficient manner. For one set fee, your IT company should guarantee you proactive support and guidance 24 hours a day, 7 days a week, and 365 days a year. In addition, this support should be available both on-site and remotely.

Ask yourself:

  • Do you have a strategic plan that will support your goals over the next 1, 3 and 5 years?
  • Does the plan specifically outline how goals will be achieved?
  • Does your budget include someone to proactively monitor and repair your network to minimize interruptions?
  • Are you confident the budget you’ve been given will be enough to cover everything that comes up during the year?

Developing a written strategic technology plan can be overwhelming, but in our experience, the time spent pays for itself in the long-run.

To learn how you can develop a realistic technology plan and budget for your business, contact our specialists today.


A 12-Step Approach to Protecting Data and Securing Your Network

In virtually every business environment, a wide variety of personal and ‘approved’ devices are used throughout the day. This includes computers, tablets, smartphones and other Wi-Fi enabled devices. Each piece of equipment puts your entire network at risk if it is not properly secured and managed.

You have a responsibility to protect the private information you collect about everyone you interact with. Whether it’s your employees, customers or business providers, you likely store an incredible amount of sensitive information, such as social security numbers, credit card numbers, and other sensitive data. A system breach could result in hundreds or even thousands of individuals having their privacy and finances compromised. That is why defending against ransomware and viruses is a top priority among businesses today.

Ask yourself:

  • Do you have policies and procedures in place to secure every device you provide?
  • Are you sure you have adequately secured your network?
  • Are you confident all your data is backed up daily, both on-site and off-site?
  • If there is a system failure or breach, do you know how you will identify and stop it? And are you confident your operations can be brought back online without loss and in a timely manner?

If you cannot confidently answer ‘Yes!’ to these questions, keep reading.

It is highly recommended that businesses of every size have multiple layers of protection in place to secure their data and defend against the latest risks. Below is an example of ACT’s 12-Step Security Plan that is implemented for all clients. These are areas you should address within your own companies – at a minimum:

  1. Ensure all devices – desktops, laptops, smartphones, and tablets – are running the most up-to-date antivirus software available.
  2. Upgrade your firewall with Unified Thread Management Features (UTM).
  3. Install the latest security updates/patches to your operating system.
  4. Implement a cloud-based email security system to capture spam, block phishing scams, and stop threats before they ever make it to your mail server.
  5. Implement a secure DNS solution that can protect your business beyond its perimeter.
  6. Enforce strong password policies, encouraging passphrases, forcing employees to change passwords periodically, and not allowing them to reuse past passwords.
  7. Use multi-factor authentication (MFA) for an extra layer of network security. Even if your passwords are stolen, MFA should prevent hackers from gaining access.
  8. Implement a hybrid solution that combines an on-site backup system that synchronizes real-time with a secure cloud-based storage system, providing maximum protection and quick restoration in the event of a disaster.
  9. Periodically test the backup system so you are 100% certain it’s working.
  10. Document a disaster plan to ensure your entire team understands what to do in the event of catastrophe.
  11. Implement network security policies that limit access to certain parts of the network.
  12. Educate staff, vendors, and anyone else who accesses your network on what they can (and cannot) click or download.

Ensuring the areas above are addressed on an ongoing basis should keep your company’s network and data secure. To learn more about this approach and how it can help protect your business, contact us today.


Technology is Changing Fast. How Can Your Organization Keep Up?

Technology changes fast. Software upgrades are made available each year, often requiring companies to repurchase and reinstall each license. Plus, with the ever-growing amount of applications and data you need to access and archive, computers and servers frequently need to be added or upgraded, resulting in rising technology costs each year.

Ask yourself:

  • Are you tired of repurchasing and reinstalling new software every time an upgrade is required?
  • Are you using old computers and running older versions of software to minimize your costs?
  • Are you experiencing compatibility issues with applications, other computers, or outside companies?
  • Are you increasing your risk by allowing people to share logins and passwords because you are short on licenses?
  • Are you 100% confident that your operating system and every device connected to your network is secured?

The problems above can be resolved with two distinct services: Hardware-as-a-Service (HaaS) and Cloud Computing. They offer businesses flexibility, reliability, security, accessibility, and scalability.

Hardware-as-a-Service

Hardware-as-a-Service is similar to leasing or licensing. The hardware (e.g., computers, servers and networking devices) is installed in your office but belongs to the managed service provider. You pay a flat monthly fee, allowing you to set a reliable budget that can include your hardware, software, maintenance, and installation.

Let’s face it: hardware is a depreciating asset. Therefore, investing in HaaS provides certain advantages, such as:

  • Minimal upfront costs;
  • When hardware reaches the end of its useful life, it is refreshed by the managed service provider at no cost to you; and
  • Should the hardware fail or become outdated, it is the managed service provider’s responsibility to repair or replace it.

Cloud Computing

Cloud Computing is another service that is tailored to the specific needs of your business and can be budgeted as a fixed monthly expense, rather than incurring a large upfront cost. Below are some of the many advantages to cloud computing solutions:

  • 24/7/365 anywhere, anytime access
  • Increased employee productivity
  • Immediate remote IT support
  • Highly secure and reliable
  • Data centralization
  • Automated data backup and archiving
  • Hosted email, providing uninterrupted access
  • Efficiently roll-out new software, with minimal interruption to your staff
  • Expandable file storage and sharing
  • Unlimited capacity
  • Minimal space needed to house equipment. Ditch that server room and use it for something more profitable.
  • Significantly lower IT expenditures annually

Many companies offer cloud computing services, so it’s important to understand what you need and what you are getting before you sign a contract. Here are some key questions to ask your provider before committing:

  • Can I pay for only the resources that I need, adding space when necessary?
    Your contract should provide some flexibility, allowing you to add – and even reduce – your commitment as your needs change.
  • How do I know my data backups are working?
    Don’t wait until you need the backups to discover a failed implementation. Someone should periodically test the backups to ensure everything is working.
  • Can you describe your redundant server architecture?
    A redundant server environment must protect your data. Then, if the server housing your data were to fail or become compromised, the redundant server can be brought online immediately, minimizing and even eliminating your downtime. The best environments will include multiple power sources, multiple generators, and redundant internet providers.
  • Do I need any on-site equipment?
    There are different options available, ranging from maintaining a local server in your office to operating completely remotely. Understand the pros and cons before you choose.

As a final note, to help your company not only keep up with technology but also leverage it most advantageously, assess the IT resources you have in place. Whether you have an entire technology department, a single professional managing your needs, or outsource everything, it is critical that you have the right professionals watching over you. Their ability to maintain your network, secure your infrastructure and troubleshoot daily needs can mean all the difference in the world.


Which Type of IT Support is Right for You?

Ensuring the right mix of IT support is important for every business, regardless of industry or size. For some, it means a full-time professional or even an entire department. For others, it may mean a part-time professional or tech-savvy staff member who provides support in addition to their other duties. Then there are the businesses that have no internal support; choosing to outsource the entire IT function or simply call on a provider when problems arise.

Let’s discuss the pros and cons of each scenario.

Large companies with full-time IT professionals on staff

Internal IT departments are often expected to provide full IT services, ranging from helpdesk support to developing strategic plans and budgets. However, the skillsets of the professionals on staff need to be considered carefully, along with how much time they have to fulfill their duties.

Some IT professionals find themselves immersed in daily troubleshooting, handling individual requests for desktop support and trying to maintain and update computers and devices as they go. This may leave them limited time to proactively monitor, patch and test operating systems, backups and disaster recovery solutions.

In other cases, the full-time professional is responsible for higher level work, creating strategic plans and budgets, and researching new and innovative ways of doing things. Here, they may find themselves falling behind on supporting individual support requests.

Outsourcing a portion of your IT needs may be a good solution to provide your company with more consistent and thorough support. A strong managed service provider can supplement your existing internal resources. They can handle a piece of infrastructure such as managing networking equipment and servers and overseeing security services, leaving ample time for your internal resources to support your daily needs. Or, if your IT executive prefers to remain focused on the higher level needs of the company, a managed service provider can be responsible for providing on-site and remote helpdesk support.

The bottom line is that the right managed service provider should be able to devise a solution that will compliment and supplement your existing resources, providing you with comprehensive coverage.

Companies with a part-time support person

Many small and medium size businesses have an internal IT person, ranging from a part-time desktop support person to a tech-savvy employee who works on the network in their spare time.

The latter scenario can be problematic because the IT responsibilities take time away from the individuals and programs the organization exists to support. And while desktop support professionals can be valuable for daily on-site troubleshooting, they are often not well-trained on the intricacies of running a secure and speedy environment that can support dozens, or even hundreds, of devices. In addition, part-time support professionals often find themselves reactive, rather than proactive, racing to patch holes and clean computers after they become infected, spending valuable time troubleshooting network performance issues and working with end-users to troubleshoot individual problems.

In this case, outsourcing a portion of your IT needs can be tremendously beneficial. Speak with a managed service provider to learn how they can supplement the skillset of your internal resource. Options will range from providing helpdesk support as needed to providing proactive managed service solutions that will keep your network and all connected devices secure and up-to-date. There are also specialized services to consider, such as managing your backup and disaster recovery solutions, running security assessments, and developing strategic technology plans to support growth goals.

Companies with no internal support who outsource some (or all) of their IT needs

Those with no internal support and no managed service contract in place are often forced to spend reactively, paying a consultant or freelancer by the hour to fix problems that have occurred. The obvious problem here is that you are now suffering from disruption, possibly lost data, unable to control your budget, and have no plan for the next day, let alone the rest of the year.

Partnering with an IT consulting firm that offers managed services is critical in this scenario. Any business that employs multiple computers and devices, relies on the internet for research or communication, or is responsible for securing data, needs to have a technology support system in place. There are two distinct options to consider, based on needs and budget: Pay-As-You-Go and Managed Services.

Defining Pay-As-You-Go vs. Managed Services

Pay-As-You-Go. Some IT firms charge hourly and fix problems as they occur. Special projects can be completed upon request and are billed based on time.

This scenario sometimes works for companies with an internal person who is very capable of handling the majority of daily troubleshooting and also has the time and skillset to handle the proactive and sometimes complex issues associated with managing and securing an entire network and the many devices that connect to it.

For those with no internal support it could become cost- prohibitive and leave dangerous gaps in their infrastructure support.

Managed Services. Another option is called Managed Services. An IT team is placed on retainer for a fixed monthly fee, and functions as your outsourced technology department.

Where appropriate, a managed service provider can augment an existing IT professional based on your individual needs. This is particularly useful when a reliable backup option is needed because the employed professional is unavailable, whether it’s due to illness, vacation, holidays or after-hours.

Where no internal team exists, this is the best option for providing a full technology solution in a cost-effective manner.

Managed service contracts are typically comprehensive, providing services such as:

  • 24/7/365 proactive monitoring to detect issues before they impact you
  • Immediate remote support, as well as on-site support for big and small issues
  • Proactive updates and upgrades for all software and operating systems for every device that is part of your company’s network
  • Enhanced firewall and security management
  • Automated data backup
  • And much more

Ask yourself:

  • Are you confident your IT professional understands the intricacies of maintaining a fast, secure and scalable system that can support every device that connects to your network?
  • Can they respond to an emergency immediately?
  • Have they helped you develop a long-term plan to support your growth goals?

If not, contact one of our specialists at info@act-tek.com or (973) 758-0500 to learn how managed service solutions can have a positive impact on your business.


Getting the Most out of Your IT Budget

The cost of hardware, software and accessories can quickly add up when you want to provide appropriate tools to every valuable player.

We’ve talked with owners who acknowledge their employees share computers and passwords because they believe it is cost-prohibitive to upgrade their hardware and software. We’ve visited businesses that are using older computers and operating systems that are no longer compatible with the newest software packages, forcing employees to complete tasks manually and inefficiently because their technology is unable to support their needs.

Many businesses simply add a line item to the budget that is comparable to the past year, and then hope it is enough to cover their needs. But we believe there is a way to look at this process more strategically.

Determine What is Needed
The first thing you should do is determine what you need. Putting a strategic technology plan in place, complete with written short- and long-term goals, helps ensure that your investments will improve the organization in a tangible way. Once you’ve determined your goals and the programs that are needed to fulfill those goals, figure out what it will cost. You can further dissect the numbers to identify areas where you can save and maximize your dollars later.

Action Steps That Will Help Control Your Budget
Here are some action steps you can take to help you develop and control your IT budget:

  • Identify every program and individual that requires some form of technology, as well as the specific technologies you believe they require (i.e., hardware, software and accessories)
  • Determine what level of technical support each program and individual require
  • Set short- and long-term goals for every program
  • Determine your total or allocated budgets
  • Identify areas that can be centralized (e.g., email)
  • Identify areas that must be maintained independent from others

In addition, many businesses don’t realize they may be eligible for a variety of unadvertised discounts on new equipment and software purchases, allowing them to increase their purchasing power.

Finally, ensure you have the proper level of support available at all times, including a proactive system in place that actively monitors and manages your entire network. We have seen budgets blown apart when a network malfunctions or a breach occurs, and significant dollars are spent repairing and replacing hardware and software. Working with a professional who can provide Managed Services is the best practice, as this guarantees you around-the-clock system monitoring and proactive system maintenance, along with a variety of other services, for a pre-determined monthly fee, helping you to control your IT consulting costs.


15 Best Practices that Help Prevent Cyber Attacks

Do you know what your greatest vulnerability is? It’s your people. Employees unknowingly click on malicious links and download a host of viruses and malware every day. In fact, there is a hacker attack every 39 seconds and 63% of all network intrusions are due to compromised user credentials.

Here are a few other disturbing facts:

  • 43% of cyber attacks target small businesses.
  • 60% of small businesses go out of business within six months of an attack.
  • 78% of people claim to know the risks of clicking on unknown links; yet they admit they still do!
  • 1 in ever 131 emails contains malware.

Since your employees are your first line of defense, it is vital to create a culture where security is top of mind. 

15 Best Practices to Implement Immediately

  1. Update the security software on your network and every connected device. Keep it current by turning on automatic software updates. That goes for your operating system and web browsers too.
  2. Get proactive with your anti-virus software by confirming that it’s running on all devices, scheduling automatic daily scans, ensuring it’s updating regularly, and educating staff on how to run manual scans on new downloads.
  3. Make sure your network is protected with a firewall. This is one important way to keep the bad guys out. If you don’t have a firewall appliance, make sure you have a software-based one enabled on your computer.
  4. Enforce strong password policies, encouraging passphrases, forcing employees to change passwords periodically, and not allowing them to reuse past passwords.
  5. Use multi-factor authentication (MFA) for an extra layer of network security. Even if your password is stolen, MFA should prevent hackers from gaining access.
  6. Restrict where sensitive data can be stored. Don’t allow personally identifiable information (PII) to be copied to an external drive or saved in a location outside of your secure network.
  7. Assess how your telecommuters work. Are they using a home computer for work, and possibly transferring files via an unencrypted USB drive? Is their home wi-fi network secure? Consider setting up telecommuters with a secure work device and setting firm rules around the computer’s use.
  8. Back up data on a regular basis (every day, every hour, or real-time, depending upon the nature of your business). Backups should be stored on-site and off-site and periodically tested to ensure they work.
  9. Safely manage email; it’s the biggest source of security breaches! Tips include never opening attachments or clicking on links from an untrusted source; never sending confidential information over public email (use a secure encrypted service); only using an official business email address that is protected by a spam filter (not personal accounts); and being wary of email phishing and extortion scams.
  10. Wipe hard drives before disposing of old devices, including computers, tablets, printers, copiers, external hard drives, flash drives, and fax machines.
  11. Don’t neglect mobile devices. Download apps from trusted sources and allow them to update regularly. Implement strong authentication, such as fingerprint recognition or a strong passphrase. Configure app permissions immediately after downloading.
  12. Protect your social networks by limiting who has administrative access to your account, setting up strong authentication, and carefully configuring privacy settings.
  13. Create policies for using USB drives. Disable auto-run and scan the drive before opening files. Don’t allow personal USB drives to be plugged into a work computer. Don’t allow sensitive information to be stored on an unencrypted USB drive.
  14. Establish a guest wi-fi channel that restricts access to sensitive areas.
  15. Educate employees on what they can and cannot do on their work computers, and how they can help strengthen spam filters by reporting suspicious emails and events. Also be aware of what your third-party vendors are accessing.

5 Steps to Take When Developing a Formal Cyber Security Plan

  1. Identify your sensitive data. Determine what you need to protect, such as employee social security numbers and payroll information; customer data; credit card information; and company secrets (proprietary formulations, patents, etc.). Ensure you know every location where copies are stored.
  2. Protect it. Assess what needs to be done to properly protect everything you’ve identified.
  3. Create a detection and alert system. Set up systems that will alert you if an incident occurs, including the ability for employees to report problems as they occur.
  4. Develop a response plan. Ensure everyone knows their role in helping to contain an attack and assess the damage.
  5. Develop a recovery plan. Once business operations are restored, you’ll need to determine if anything was lost and if you have any legal obligations to alert customers, vendors, and board members.

If you need help with any of the above steps, contact an ACT specialist today to learn how our Comprehensive Security Assessments can protect your organization.


An Objective Look at Hosting Data in the Cloud vs. In-House

Cloud Storage vs In-house Hosting

For the past few years, there’s been a lot of buzz about migrating data to the cloud. For many, making the decision as to whether or not to rely on cloud computing and storage is not an easy one.

It’s a bit like the renting vs. buying argument. When you upgrade your current on-site infrastructure you are faced with a larger upfront cost for hardware and software, along with installation and ongoing maintenance costs. If you choose the cloud, the upfront costs are smaller but the monthly cloud fees are never-ending. There are other considerations as well. Let’s take a closer look and compare these two options.

Hosting Data in the Cloud

Cloud HostingHosting data in the cloud means you are paying a hosting company a monthly fee to host your information in their datacenter. The physical security of these facilities is pretty intense; some require a retina scan just to enter. Included in the monthly fee are services such as redundant internet, power sources, and servers; as well as other things like regular backups and email services.

Here are some of the benefits of migrating your business to the cloud:

  • The Lights Are Always On! Datacenters where cloud providers host their infrastructure have both redundant power and internet access. The power is usually sourced by two or more providers and backed up with enterprise level battery backups and generators. The datacenters also host a number of internet service providers, giving redundant internet access to all their clientele.

  • Flexibility. With the pay-as-you-go model, it makes it easy for companies to scale up or down as needed. Datacenters can easily accommodate companies in growth mode that need to add more bandwidth or resources; and can just as easily scale back resources when not needed. In both cases, your monthly fees get adjusted accordingly.

  • Low Capital Expenditure Costs. Most businesses have to replace their servers every three to five years. This recurring investment can have a significant effect on a company’s cash flow. Hosting your data in the cloud eliminates the need for hardware refreshes, as this becomes the cloud provider’s responsibility and is included in your monthly fee.

  • Work from Anywhere! When your data is hosted in the cloud, all you need is an internet connection and you are at work. Although remote access isn’t a new concept for most companies, the remote technology used by cloud providers is quite superior to the applications typically used to remotely access office computers.

While interviewing potential cloud providers, be sure to ask for a full list of what is and is not included in your hosting agreement. Different providers include different features. For example, there may be licensing and firewall costs that need to be considered, along with bandwidth and data transfer capacity limits that you need to understand to avoid running into performance problems or overages. Remember, knowledge is power!

Keeping Data Hosted In-House

In-House IT storageThere are some business owners who have a tough time with the idea of their data sitting on someone else’s servers. The cloud can be scary when you don’t know where your data is kept, who has access to it, and who is securing it. The most important thing in this scenario is to ensure you are securing and backing up your data regularly, as well as testing your backups to ensure they are in working order should you ever need to restore it.

Here are some reasons for keeping your data stored in-house:

  • Peace of Mind. With an in-house server, you know exactly where all your company data is at all times. In addition, some companies must keep certain applications in-house for compliance reasons.

  • Costs. Cloud storage is essentially “renting space” vs. “buying space.” While many cloud providers advertise cheap monthly hosting fees, it’s important to add up all the expenses involved in order to properly compare the investment. In addition to the monthly hosting fee, you’ll need to consider backups, security updates, maintenance, and more. These fees can really add up over time, and in some cases far exceed the costs of an in-house network.

  • No Outages or Connection Issues. Just because your cloud provider claims 99.95% uptime, that doesn’t necessarily mean you can always access your data. In fact, earlier this year Amazon Web Services (AWS), one of the largest cloud providers in the country, suffered a half-day outage. This left thousands of companies without access to their data. Other disruptions, such as power and internet outages, can also leave you without access to your data when stored in the cloud.

  • Security. Now this is an area that can be argued on both sides. In the virus/ransomware era of cloud computing, securing your data should be your number one priority. Cloud providers are a target for hackers, leaving some with the feeling that their data is more secure when stored in their own facility. Questions to ask a potential cloud provider include: “What measures have they taken to protect your data from the next cyber-attack?” And “Could another customer’s threat affect your data?” On the other hand, some cloud providers offer real-time security updates and patches; but be sure to verify that it’s included in your monthly service or your data may be vulnerable.

No matter how you feel about it, cloud computing and storage is here to stay. When deciding whether it makes sense to migrate your company’s infrastructure to the cloud, be sure to weigh all the factors involved and clearly understand the benefits of each. Don’t jump on the cloud bandwagon simply because everyone else is; but don’t ignore it simply because you may be unfamiliar with how it works. Ultimately, your decision should support your anticipated growth and add to the productivity, profitability, and success of your company.