Saturday, December 22, 2012

Reducing IT Costs: The Five Pillars of Computer Dependability and Longevity that Save Your Company Money


Part One - Avoiding the Lemons Is Easier Said Than Done

We have all heard the term “lemon” applied to a product that is bad, unreliable, or simply doesn’t work.  What makes a product a “lemon” is poor design, not just poor quality control. Even a manufacturer renowned for product reliability, such as Toyota, can still produce a product that needs to be recalled.

The first pillar of computer dependability and longevity is to avoid purchasing a computer application or piece of hardware that is poorly designed, in other words a “lemon”.  Unfortunately, in the ever-changing environment of computer technology, that is easier said than done.  It is easy to get fooled by the hype and sucked into keeping up with the Joneses so that we are not left behind in the old-technology dust.  Even so, try to fight buying on impulse and follow the best practices below before purchasing any computer product:

Purchase products that have a proven track record

I mean a “product” that has a proven track record, not simply a manufacturer with a track record.  This means doing the following:

1.    Avoid being a “first” adopter of new technology

2.    Purchase products that have been on the market for six months or more

3.    Check any and all product reviews about the product

4.    Check any “troubleshooting” forums that mention the product.  This is the advantage of waiting at least six months.  After six months these forums should be replete with complaints about the product.  Review these complaints to determine what you are really purchasing

5.    Buy business models. When you’re buying new computers for your business, look at the business models instead of the home models. Manufacturers (Dell, HP, etc.) change the components in their business machines less frequently, and only after testing the components in their “home” or “consumer” models.  This is the reason behind the longer warranties you get with a business model.

Whenever possible, test the product before you make the purchase

You may find a product that is well designed and reliable, but it may not pair well with the other software or hardware in your computer or your company computer network.  You can test for this by doing the following:

1.    If it is software, obtain a demo.  Run the demo on a typical computer in your network. 

2.    Buy one copy or one device and test it before purchasing multiple devices.

3.    Set up a “test” computer that you don’t mind crashing.  You can use virtualization and imaging software to create your “test” computer so there is NO need to purchase additional hardware.

Ask your computer support tech or company if they do the following

You can get invaluable advice if your computer support company does the following…

1.    The computer support company has their own “lab” where they test products

2.    The computer support company belongs to industry trade associations and regularly attends meetings.  Whenever techs get together they ultimately will discuss horror stories about products. These associations also provide a resource that your tech can tap into and obtain information from other techs who have had experience with a product.

3.    Avoid working with computer resellers who try to push you into adopting the latest technology. 

4.    Find a computer support company that is exclusively a consulting company or one that makes 80% of their revenue from consulting and less than 20% of revenue from product sales.  At least the financial incentive of the computer support company will lean heavily toward support and not product sales.  Essentially, they are forced to support the products they sell.

5.    Avoid Break/Fix computer companies.  They charge by the hour and they make their money when your computer breaks down.  It is the wrong financial incentive to pay a tech only when the computer breaks down.  From a Break/Fix support company’s view there is little financial incentive to prevent computer issues. The financial incentives lean too much toward the expensive fix as opposed to preventing the expensive fix. Find a company that will agree to work for a flat fee for all support and maintenance including system replacements…yes, they are out there.

Part Two: Why variety increases your business computing costs

Thursday, October 11, 2012

Why Don't Computers Get Any Respect?!

Why do so many business owners treat their computers like Rodney Dangerfield... they just don't get any respect!  They are an afterthought, an annoyance, or an unfathomable gadget that is here today and gone tomorrow.  The truth is that we have become so dependent on computers to perform some of the most basic business tasks that we could never imagine being without them.  And frankly, our businesses couldn't function without them. Why does it take a crisis or major disruption before computers get any respect?!

Anita Campbell wrote an article, "5 Success Tips You Never Learn in School", for the online magazine Small Business Trends that echoes my sentiment above.  The fourth tip in her article is "Treat Your Computer Systems Like a Factory Production Line".

Anita Campbell explains, "For millions of business owners like me, our computers are the biggest set of business equipment we have — and they’re crucial. Without a computer system, I cannot operate my business. Yet, why do so many of us still treat our computer systems as if they’re discretionary gadgets? That’s one of the mysteries of the universe. It’s the Rodney Dangerfield syndrome — they “get no respect.” We don’t back up our data regularly. We don’t do maintenance (such as de-fragging or critical updates) the way we should. Our electronic files are a disorganized mess. We practically ignore our computer systems until a problem happens. Then the problem turns into a full-blown crisis."

So, why do so many business owners ignore their computer systems until there is a full-blown crisis?  That crisis is often a major disruption that can be very expensive due not only to repair costs, but also to lost productivity or business.  As the industry saying goes, "There are those that back up their data, and then there are those that WILL back up their data!"  Why does it take a crisis or major disruption before computers get any respect?!

I agree with Anita Campbell that this seems to be one of the mysteries of the universe, but I believe the essential answer to that mystery is as follows:  If you don't want your business to come to a grinding halt because your computer systems aren't functioning, then your goal should be to find ways to prevent problems from occurring or at least minimize the impact of computer disruptions.  It seems to me that most business owners would like to accomplish that goal, but don't know "how" to attain it.  Then they turn to their computer technician, whom they only pay when the computer breaks down.  Since that computer technician only gets paid when the computer is NOT functioning, there is no financial incentive for him to prevent problems from occurring.  So, where can a business owner turn for advice on preventing computer problems and mitigating disruptions?

In the next series of blog posts, entitled "The Five Pillars of Computer Reliability and Stability", I'll detail in non-technical language the steps you can take to prevent computer problems and mitigate disruptions.  I'll present the "Five Pillars of Computer Reliability and Stability" in a management framework that you can use to manage your computer disruptions more effectively, and either to get your current technician on board with preventing or mitigating computer disruptions or to find a computer technician that will work with you toward that goal.

Thursday, September 27, 2012

SMBs Suffer High Incidence of Bank Fraud

Guardian Analytics and the Ponemon Institute have combined to publish the results of their Business Banking Trust Study. The study underscores the battle against increasingly sophisticated bank fraud campaigns targeted at small to medium-sized businesses.
Some of the report's highlights:
  • 56% of businesses experienced a bank fraud attack in the last 12 months. Of those that experienced fraud, 61% were victimized more than once. 75 percent of the businesses participating in the study experienced online account takeover and/or online fraud.
  • In 78% of fraud cases, banks failed to catch fraud involving the illegal transfer of funds or other nefarious practices such as information identity theft.
  • 38% of respondents said they access their company's banking accounts from mobile devices including smart phones and tablet PCs like the iPad, compared to only 23% in 2010.
Legally, business accounts aren't protected against losses due to fraud, as consumer accounts are. As a result, small businesses are forced to absorb excessive losses resulting from their business bank accounts being fully drained, and are unable to recover any of the losses.

What can you do to avoid being a victim?  The following are best security practices:
  1. When you access your bank account online, do it from a computer that is NOT used to access the Internet or email.  You should have a dedicated computer that accesses only your bank account and nothing else.  As an alternative, you can configure a "virtual" computer using VMware Workstation.  This creates an environment similar to having a separate computer without having to purchase separate computer hardware.  Ask Avisotek or your computer service provider for more details.
  2. Change your bank account password every 30 days.
  3. Make sure your computer has a firewall that filters incoming and outgoing network communications.  The antivirus software should perform "full scans" every day.  Security updates to Windows XP or Windows 7 should be performed weekly.
  4. The computer you use to access your bank account online should be used for business purposes only.  DO NOT download and install games, wallpaper, music, weather bug, desktop themes, etc.

Friday, June 29, 2012

To Cloud Backup or Not To Cloud Backup

To back up your company data in the "Cloud" with an online backup provider, or to back up only to a local hard drive? That is what many small business owners are asking themselves these days.

For a small business with an inadequate (or no) Disaster Recovery Plan, online backup can be a huge step in the right direction from a data protection standpoint.  A company's data is considered one of the most valuable assets a business possesses, and should be protected in the event of a total disaster such as a fire, flood, earthquake, or theft.  Therefore, having an offsite backup is very prudent.  However, business owners should consider some of the security concerns associated with putting their data on someone else's computers.

According to Kevin Beaver, information security consultant with Principle Logic LLC, "How do you know your backups are going to be secure? It's more than just 'we encrypt' and 'you'll have a login,'" said Beaver. "Online backup environments are just like any other Web application. There are literally tons of security flaws that can be exploited to put your backups at risk. Don't fall for the common 'we're SAS 70 certified' response. Ask for an independent penetration test/security assessment of Web-based environment and ensure the vendor's assessing for new security flaws on a regular basis."

Security expert Jon Toigo, CEO of Toigo Partners International echoed this sentiment. "A lot of cloud vendors will tell you everything you want to hear in order to get your business, but it would take a lot of time and energy for you to go and investigate whether they can deliver what they are saying they can. Interview other customers and make sure there are ironclad security policies in place before choosing a vendor."

If you personally don't have the time to weed out the "Cloud" hype from reality, then consult with your computer services consultant or contact Avisotek. 

Also, data backup should only be one component of a full Disaster Recovery Plan.  If your server or computer that stores all your company data has a complete meltdown, how quickly do you need to have that computer up and running?  Two hours? One day? 72 hours?

How quickly data can be restored from a Cloud backup provider depends on your Internet bandwidth and how much data needs to be recovered.  You can easily recover one Word document in 10 minutes or less. However, recovering 200 GB of data or thousands of files is another matter.  It could take days or even a week.  You will need to know what the data transfer rate is in order to calculate how long it will take to fully recover ALL of your data in the event of a complete disaster.  If it is going to take too long, then you will need to explore other alternatives.

Put the "Plan" into Recovering from a Disaster

Four Essential Elements For an Effective Disaster Recovery Plan

Step #1: Identify Which Systems Are Absolutely Critical to Operating Your Business

There are three areas you need to assess: data, systems, and communications.  Determine the data that is critical.  Your customer database and accounting may be critical, but your employment application forms may not be.  On what computer systems is this data stored?  Your company data may not be stored in one location.  Data can be scattered over many computers.  Also, determine which computer systems are critical.  Perhaps your company website availability is not important, but being able to access the Internet is.  Sure, you need to access your customer database, but is printing also critical?  Lastly, how do your customers communicate with you?  How long can your business survive if all forms of communication are disrupted?  What percentage of customers get hold of your company through the telephone, email, or website?  If 90% of your customers choose to contact your company using the telephone, then you could consider your phone system far more critical than email.

Step #2: Determine How Long You Can Be Without These Critical Systems

If your clients could not contact you because all your communication systems are disrupted, how long will it take before they contact a competitor?  If you cannot process orders, at what point will you lose revenue and potentially lose customers?  If you need your systems functional in 24 hours, then a solution that will get those systems functional in 7 to 10 days is not the right solution for your business.

Step #3: Know the Value of Your Critical Computer and Communications Systems 

It is easier to figure out what the replacement costs of your computers are, but what about that customer database?  How many hours have you spent entering information, comments, orders, etc.?  How much did you pay employees to enter this data?  Sure, you will need this information for insurance purposes.  You do need to make sure you are properly covered.  And, you can't determine the best coverage until you know the replacement value of your systems and how much business you may lose as a result of the system being down.  But, insurance companies do NOT cover data loss, only lost business.  How long would it take to reconstruct your customer database?  How much would it cost you to have all that data re-entered into the database?  You may be surprised to find out that your database may be valued at tens of thousands of dollars.

Step #4: Have a Disaster Recovery Plan in Writing!

This is the most important element that you must have.  When a disaster occurs you must be ready to recover and get your business up and running, otherwise your business will be a statistic. As simple as it may sound, just thinking through in advance what needs to happen if your server has a meltdown or a natural disaster wipes out your office will go a long way in getting it back fast.  At minimum, the plan should contain details on what disaster could happen and a step-by-step process of what to do, who should do it and how.  Also include contact information for various providers and username and password information for various key web sites and services.  Writing this plan will also allow you to think about what you need to budget for backup, maintenance, and disaster recovery.  If you can’t afford to have your network down for more than a few hours, then you need a plan that can get you back up and running within that time frame.  You may want a redundant server, allowing your office to run off the redundant server while the real one is being repaired.  And, with “virtualization” there are really inexpensive options for having a redundant server.  If you can afford to be down a couple of days then there are less expensive solutions.  Once written, print out a copy and store it in a fireproof safe, keep an offsite copy, and leave a copy with your IT consultant.
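
The restore-time calculation raised in the cloud backup discussion above and the downtime limits from Step #2 can be checked together. The following Python sketch is an added example, not part of the original post; the system names, data sizes, downtime limits, link speeds and the 70% link-efficiency figure are constructed assumptions to be replaced with your own numbers.

```python
"""Will a cloud restore finish before each system's downtime limit is reached?"""
from dataclasses import dataclass


@dataclass
class System:
    name: str
    data_gb: float    # data to pull back from the online backup (decimal GB)
    rto_hours: float  # longest the business can be without it (Step #2)


# Constructed sample inventory (assumption): 200 GB in total.
SAMPLE_SYSTEMS = [
    System("file shares", 175, 72),
    System("customer database", 5, 4),
    System("accounting", 20, 24),
]


def transfer_hours(data_gb, downlink_mbps, efficiency=0.7):
    """Hours to download data_gb over a downlink rated in megabits per second.

    efficiency is the assumed share of the rated speed the restore really gets
    (protocol overhead, provider throttling, other office traffic).
    """
    if data_gb < 0 or downlink_mbps <= 0 or not 0 < efficiency <= 1:
        raise ValueError("sizes and speeds must be positive, efficiency in (0, 1]")
    megabits = data_gb * 1000 * 8  # gigabytes -> megabytes -> megabits
    return megabits / (downlink_mbps * efficiency) / 3600


def restore_schedule(systems, downlink_mbps, efficiency=0.7):
    """Restore one system at a time, tightest downtime limit first.

    Returns rows of (name, hours_until_restored, rto_hours, meets_rto).
    """
    elapsed = 0.0
    rows = []
    for s in sorted(systems, key=lambda s: s.rto_hours):
        elapsed += transfer_hours(s.data_gb, downlink_mbps, efficiency)
        rows.append((s.name, round(elapsed, 1), s.rto_hours, elapsed <= s.rto_hours))
    return rows


def min_downlink_mbps(systems, efficiency=0.7):
    """Slowest rated downlink at which every system is back within its limit."""
    needed = 0.0
    cumulative_gb = 0.0
    for s in sorted(systems, key=lambda s: s.rto_hours):
        cumulative_gb += s.data_gb
        # Everything queued up to and including this system must arrive in time.
        needed = max(needed, cumulative_gb * 8000 / (efficiency * 3600 * s.rto_hours))
    return needed


if __name__ == "__main__":
    for mbps in (5, 10):
        print(f"--- {mbps} Mbps downlink ---")
        for name, done, rto, ok in restore_schedule(SAMPLE_SYSTEMS, mbps):
            verdict = "OK" if ok else "TOO SLOW"
            print(f"{name:18} restored after {done:6.1f} h (limit {rto:g} h) {verdict}")
    print(f"Minimum downlink needed: {min_downlink_mbps(SAMPLE_SYSTEMS):.1f} Mbps")
```

With these sample numbers, a 5 Mbps downlink needs about 127 hours (over five days) to bring back all 200 GB and misses the 72-hour limit on the file shares, while a 10 Mbps downlink meets every limit.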

"Open for Business" disaster planning recovery series is an excellent source for those wanting to properly and fully plan for staying open for business in the event of any major disaster.

Thursday, June 7, 2012

LinkedIn Password Compromised - What Should You Do?

Yesterday, LinkedIn confirmed that millions of LinkedIn users' passwords have been compromised.  Later, the LastPass and LeakedIn websites offered tools where you enter your LinkedIn password to find out if it had been compromised.  Why bother! Just change your password! It would take less of your time than going to one of these websites....and you should be changing your password regularly anyway.

I agree with Jim Bliss's comment to the article "How to Check If Your LinkedIn Password Was Stolen" on

Why LastPass’s and LeakedIn’s password checking tools (above) are really not a good idea:

1) They only check a subset of the leaked passwords. Therefore, even if you get a ‘clear’ result this can not be relied upon as there are many leaked passwords that are not checked against.
2) Recommending users to enter their passwords into third party sites is asking for trouble, desensitizing users to the problems of phishing.
3) Sooner or later (if not already) a site will spring up claiming to check passwords only to store them for nefarious use (yes, without a corresponding username / email address it is arguably less problematic; however, it would still be useful data for a cracker enabling them to hash the captured password and see if there’s a match and, bingo, you’ve done their work for them).

Far better advice, IMO, is to ignore the checking tools and just change your password.
Checking with these tools provides no security or assurance whatsoever.

Saturday, May 12, 2012

"Disaster Recovery Plan" May Not Be Sexy, But It Will Save Your Business Assets

I think Dale Carnegie said it best: "plan for the worst, and only good things can happen".  In previous blogs I've talked about how 50% of businesses file for bankruptcy immediately after a disaster which prevents them from accessing their data for 10 days or more.  93% will file for bankruptcy within one year following a disaster. Clearly, these companies were ill-prepared, and the worst happened because of this lack of preparation.

In the blog "What Kind of Disasters Can Put Your Business Out of Business" I discussed the most common disasters that caused these companies to file for bankruptcy.  Many of these so-called "disasters" do not fall in the category of "acts of God".  In fact, the majority of these disasters are "man made" and therefore are 100% preventable.

It does take information to know what to do, and it takes motivation to implement a plan.  Sitting on the information won't do you any good. You need to put that information into action.  Now that I've outlined what can happen and how certain disasters can impact your business, you will need to know what can be done to prevent, mitigate or even recover from these disasters.

The best approach to managing disasters is a combination of the following:

  • Disaster Prevention
    • For those events that are within your control to prevent, take the steps necessary to prevent the disaster from occurring.  Even if you are not confident you can 100% prevent the event, reducing the likelihood or mitigating the effects can save money or even your business.
  • Disaster Recovery Planning
    • For those events that are outside your control, develop a plan to recover from these disasters in a way that produces the minimal impact on your business when that disaster strikes.

But, what is this disaster prevention and planning going to cost my business in time and money?

That is an excellent question, but you are putting the cart before the horse.  You should first ask, "If a particular disaster strikes my business, what will be the financial impact on my business?" And, you need to determine not just the short term financial impact, but potentially the long term financial impact as well.  Once you have put together reasonably accurate financial impact numbers, then you can start examining the disaster prevention and recovery planning costs.  At this stage it is more like shopping for insurance. 

In the next series of blogs I'll drill down into more detail about the most effective methods of disaster recovery and prevention planning.

Saturday, March 24, 2012

What Kind of Disasters Can Put Your Business Out of Business

When a disaster occurs you will want to be ready to recover and get your business up and running ASAP, otherwise your business might be a statistic. Considering that 93% of companies that lost access to their data for 10 days or more filed for bankruptcy within one year of the disaster, and 50% file for bankruptcy immediately, you can't afford not to be prepared...unless you are prepared to completely lose your business!

In order to prepare you need to know what to prepare for...

What kind of disasters caused the above mentioned businesses to file for bankruptcy?

  1. Fire, flood, earthquake, tornado, or other natural disaster that caused major damage to the computer systems or completely destroyed the building where the business was located
  2. Theft of the major, or all, computer systems and/or data
  3. Electrical surges, brownouts, or power outages that caused electrical damage to the computer systems
  4. Acts of sabotage, which in most cases were directed at the most important data or database by a disgruntled employee or contractor
  5. A lawsuit brought against the company for lack of required data security
  6. Lack of sufficient environmental controls which caused the computer systems to overheat to the point of complete failure
  7. A virus infection which was designed to wipe out or erase all data on a computer hard drive
  8. Hardware failure from normal usage

As you can see, not all disasters are "Acts of God" out of your control. In fact, numbers 2 through 8 are 100% preventable. To prevent these disasters you just need to know what processes, procedures, or products to put into place.

How did these disasters impact the businesses to the point of putting the company out of business?

The answer is actually pretty simple. Essentially, the businesses were unable to deliver their product or service to their clients because...

  1. Customers could not communicate with the business due to phone or email systems being unavailable
  2. Ordering, inventory, and accounting databases were lost or unavailable preventing the processing of customer orders
  3. The good name or reputation of the business was lost causing customers to go elsewhere because of lack of reliability, slow delivery of product, or lack of confidence their private data is secure

And the above is just to name a few causes, but you get the idea.

Next Blog: What steps you need to take to prevent the above from happening to your business.

Tuesday, March 13, 2012

Stuxnet: The Cyberweapon That Almost Blew Up a Nuclear Powerplant - Update

Back in September 2011 I wrote a blog article entitled "The Cyberweapon That Almost Succeeded in Blowing Up a Nuclear Power Plant" that told the story of the cyber attack on an Iranian nuclear power plant.  Recently CBS 60 Minutes picked up on the Stuxnet story and created a 15 minute segment entitled "Stuxnet: Computer worm opens new era of warfare".  Security professionals have been sounding the alarm for years that our power facilities, power grid, and manufacturing plants are vulnerable to sabotage by a cyber attack. I highly recommend you watch this video. 

Friday, March 2, 2012

Windows XP Be Gone!

It is time to ditch Windows XP! If your business hasn't moved to Windows 7, then the time is now...and here's why...

I'm not a Microsoft raving fan, nor am I an unofficial representative. Rather, I am just a computer consultant that has business clients and has to deal with the realities of the Microsoft dominance of the business computing market. When Microsoft came out with Vista and promoted its innovations, I took a pass and kept all my clients on Windows XP. Vista proved to be buggy, unstable and slow. Business needs systems that are reliable, stable and efficient. Waiting for Windows 7 proved to be the best idea. The improvements Microsoft made to Windows 7 over Vista were numerous and well worth the wait. It is fair to say that Windows 7 is my favorite of all the Microsoft operating systems.

Microsoft has announced that it will stop supporting Windows XP in April of 2014. That may sound like a long time away. But, let's get real! Lack of support means that there will be no security patches, which will leave your computer vulnerable to the latest attacks. As a business you need to be in compliance with Federal and State data security laws, and you can't be in compliance if you can't keep your systems secure. Also, lack of support means software vendors will stop making applications for Windows XP. So, increasingly your company will have fewer and fewer application options for new software or even updates to your current applications.

Your business needs to plan NOW for the transition.

Again, let's get real! You can't set up a new business computer and have all the functionality you have now with your old one in 5 minutes! Yeah, I wish. It is going to take time and money. Plan your budget and plan for the time it is going to take to purchase, install, configure and train your staff.

And, if Microsoft stopping support on Windows XP is not enough, Microsoft is going to be coming out with Windows 8 by 2013 (and maybe sooner if Microsoft can get its engineering act together!). Some of you may be thinking that it would be best to wait for Windows 8. You may be thinking that choosing to transition from Windows XP to Windows 8 would be fine. Think again.  My recommendation is DON'T WAIT! Get Windows 7 while you's why...

Paul Thurrott, a highly respected industry analyst for Windows IT Pro magazine and SuperSite for Windows, puts the reason into perspective: "Windows 7 was a minor update with extremely clear goals: Keep everything that was right about Windows Vista but make it faster, smaller, lighter, and more manageable. Windows 8, meanwhile, is a revolution. And these things take time." And, being a "revolution" as Paul Thurrott states, the operating system will most likely be like Vista was, in that it will be buggy. Paul continues "...there's this measure of doubt that something has gone wrong....Some (developer) complaint posts are so long and so frequently commented on that they're actually locked because they've become too unmanageable. Finding a positive note here is next to impossible."

The wait for Windows 8 may take more time than you think, and there is a strong probability it won't be worth the wait for the initial release. But, regardless of what happens with Windows 8, Microsoft will continue with its plan to phase out Windows XP. It is time to ditch Windows XP and move to Windows 7!