The importance of online privacy

Online privacy is a topic that is often misunderstood. Many people believe that since they are not involved in doing anything wrong that there is nothing to hide and therefore online privacy is not an important issue. However, online privacy is more about service providers profiling you, including your likes, dislikes, habits, beliefs and beyond, so that you can be the target of advertising, misinformation, and beyond. Ultimately, service providers you have trusted use your information to generate revenue. Who knows where it all goes from here and perhaps one day that profile intersects with insurance companies, healthcare providers, employers, and government if it hasn’t already.

Everywhere you travel, every move you make, the nuance of your writing, emails, phone conversations, essentially everything you do, is being logged and analyzed through artificial intelligence with the aim of monetizing the information. We are all subjected to a conglomerate of big tech company experiments. While corporate attorneys may have written language in their terms of use agreements for the applications or services we use, explaining how your information may be used, most of us never bother to read or consider the impacts of misuse.

We are barraged by privacy statements with many sites now asking you to accept their use of cookies and privacy policies.  Here is one of note:

“YouTube Privacy Warning”

“YouTube (owned by Google) does not let you watch videos anonymously. As such, watching videos here will be tracked by YouTube/Google.”

Have you ever turned off location services for Apple Maps 0n your iPhone only to have it tell you later that your car is parked 150 feet away? Did you know that Alexa has features that allow it to listen and record private conversations and forward them on to contacts? Do you know when Alexa is listening or any other “smart” devices? Have you ever had Siri speak to you when you weren’t talking to her? The point is we don’t know how a lot of the technology works and what happens with the associated data. Have we invited devices into our homes and businesses naively thinking they’d help without considering adverse consequences? How often do you see advertisements for products that you were viewing online elsewhere being presented to you as an advertisement on social media or another website?

Big tech is doing its best to monetize your private information by either directly targeting you with adds, or through the sale of your private information to other data mining companies. Google now buys credit card data so they can better understand your purchasing habits to better target adds and know when you bought an item after an advertisement was presented. Online marketing campaign metrics have become very precise.

So still, why care about privacy? The Cambridge Analytica scandal speaks for itself where a vast amount of personal information was provided by Facebook and shared with Cambridge Analytica who exploited the information for political purposes during 2016, targeting profiled potential voters with disinformation in attempt to get them to vote a particular way. This was business as usual for Cambridge Analytica who had been helping politicos win elections throughout the world with its tactics. Weaponizing personal information is clearly crossing the line.

The free services model being provided by companies like Google and Facebook are at the heart of the problem where services like email and social platforms are provided in exchange for users personal information being collected, analyzed and eventually monetized. Unfortunately our representatives are underwhelming in there knowledge of and response to the problem. This was demonstrated during a 2018 US Senate hearing where senators asked questions of Facebook’s CEO such as how do you make money. Between lobbyist and uninformed representatives we have little hope in solving the core issues in the near term.

So how can you begin to protect yourself? 

  • For starters take care in how you utilize online platforms such as Facebook and other social media applications. The questionnaires that your network routinely share that seem harmless are utilized to directly profile you and may be later used against you in the form of advertising and disinformation campaigns.
  • Use Internet Security Software that blocks website tracking by web analytics, ad agencies, behavior trackers and social networks.
  • Consider utilizing VPN services that can enable you to browse anonymously and encrypt your data end to end, so that your activity is not tracked by your Internet Service Provider nor intercepted by prying eyes.
  • Utilize web browsers, email platforms, search engines and internet security software, or services who have stated missions to support your privacy.
  • Some names that come to mind are Mozilla, Proton, DuckDuckGo, among others.

Network Management Solutions has been helping business navigate technology challenges since 1996. Please contact us for a free, confidential assessment. We can be reached at 908-232-0100 or on the web at www.nmscorp.com

Business Continuity Planning – Lessons Learned

The COVID-19 pandemic has created strife across the globe. Many families have suffered from illness, the loss of a loved one, loss of employment, and in some cases maybe a loss of hope in a way forward back to normal. While many businesses have been shuttered others deemed critical or those that operate virtually may be thriving. Assuming your business is operating, have you been able to operate effectively and efficiently? 

Some businesses are benefitting from their consumers being shut in, leading to increased online video and music consumption, people using at home time to learn a new skill, hobbyist expanding their knowledge base. All that aside, in order to operate virtually a business must have at a minimum an appropriate technology infrastructure and a business continuity plan that considers workflows.

Maybe you moved your business operations to the cloud so that all you applications are hosted in some remote data center and not your office space. Maybe you had a plan in place. Providence Regional Medical Center in Everett, WA treated patient number one in the US. They had a pandemic plan, had recently tested it, felt confident but when the pandemic hit they realized they didn’t have enough critical supplies and were scrambling for personal protective equipment, PPE. Additionally, defective test kits provided by the CDC were also a major problem. This story played out throughout Washington State, the country and world.

Some business may have segments or divisions that were able to operate just fine while other segments were shutdown. Content providers such as Netflix or Disney have had no problem providing streaming services and supporting end users watching TV shows, movies and documentaries. However, their content creation businesses that produce new movies and shows have been shuttered. Even with the best planning and infrastructure in place, market dynamics have had a huge impact on business operations.

Assuming you have been able to provide your service virtually or were deemed critical and allowed to remain open, having employees isolated at home has had its problems. I personally needed equipment and what normally would take no more than 2 days took over 2 weeks to connect, get advice and place an order. The company was operating virtually and demand was at all time highs and their technology infrastructure did not support their business process remotely as it did when employees worked onsite.

So what have we learned? For me the biggest difficulty was to have imagined the scenario we all faced. This event was beyond many organization’s planning. Perhaps many of the behemoths got it right, or scrambled to make things work. The largest obstacle perhaps was getting the business processes right when forced to operate remotely with employees in isolation. Difficulties collaborating with colleagues, maintaining business workflows, and operating efficiently are among the largest hurdles that virtually operating businesses have had to deal with. This pandemic will certainly impact business continuity planning for many years to come.

So what can we do to be better prepared for other unanticipated disruptions? A framework is important to getting things right for all business continuity planning. Below is a simplified 5 step approach.

  1. Develop a plan – Assemble a team, identify outage scenarios and goals. List what services must function as soon as possible, and what other functions can wait.
  2. Establish business operations workflows – Define how various departments and staff function both independently and cross functionally. Identify how the business operates with staff in isolation or at remote locations. Identify logistical moves of personnel that could be made today which would support business recovery plans in the future. Some firms such as Facebook are already defining work from home positions. Establishing work from home positions could potentially boost employee productivity and reduce company costs.
  3. Define the technology – Identify the services and infrastructure necessary to support the plan, as well as what other technologies could improve efficiencies or resilience. Identify potential logistical technology moves that might better protect the company, i.e. cloud computing and services.
  4. Brainstorm potential pitfalls – Ask what are we missing, identify the what ifs….
  5. Test the plan – Testing can help identify gaps in planning. After testing assess what worked well, and where expectations fell short. Identify the necessary changes and retest.

Network Management Solutions has been assisting companies since 1996 to design, implement, monitor and mange IT infrastructure. We have helped companies recover from failed projects, security breaches and outages. Contact NMS for a free, confidential, consultation to understand how we may contribute to your business ongoing businesses success.

Managed Service Providers – Strategic Investment or Cost Reduction?

Many businesses will tell you that they initially decided to engage a Managed Service Provider (MSP) to reduce their information technology costs or avert adding additional employee resources. Fast forward to 6 months later and those same businesses may speak of the strategic value they have gained from the financially motivated move. While it is true that the right MSP can help control costs and expand resources, the right MSP can also bring considerable strategic value that was perhaps not part of the initial business decision.

Persistent ongoing security threats and continuous operational tasks place a significant burden on internal IT resources responsible for managing the company’s systems and networks. While properly trained full time resources often provide excellent support, in many small to mid-sized companies these resources are stretched beyond limits leading to missed tasks that can negatively affect service and security levels. Over time a once efficient and secure infrastructure can become exposed to slowdowns, outages, data losses or worse yet, compromise. MSP resources can be a welcome addition to help assess, patch, configure and restore the infrastructure to its former state. 

Managed Service Providers can add to an organization’s technical depth and know how specific to tools, approaches, and methods to maintain and improve service levels and security. MSPs interface with its customers through Standard Operating Procedures tailored to client requirements. These procedures help define service delivery, improve efficiency, and communications between the organizations. Additionally, custom tool sets used by MSPs can be leveraged to identify potential weaknesses before problems impact business operations or security. 

Simple vulnerability assessments can identify unpatched systems that are vulnerable to exploitation. As has been the case for many years, attacks continue to propogate through improperly patched systems. Unfortunately, many unchecked systems and networks have vulnerabilities that persist, raising the probability of an inevitable compromise. Simple ongoing systems maintenance has a significant impact on improving an organizations overall security profile and operating availability. However, many companies do not maintain proper patch management across their networks, systems and applications. Whether your business operates its own infrastructure or uses cloud services, ongoing systems management and maintenance is still a requirement.

A MSP brings value not only in the services which it provides but also in the knowledge of what is available and should be done in order to protect an organization. Ask any of the municipalities, government offices, or others that have spent millions recovering from recent attacks which were propagated through unpatched systems, certainly they would do things differently to avoid the events if they could go back in time. To believe there is little chance for your organization to fall prey is a mistake.

So what are some improvements a Managed Service Provider can provide its customers?

  • Improved service levels
  • Expanded knowledge and resources
  • Monitoring and assessment tools
  • Improved security posture
  • Improved processes and efficiency
  • Increased awareness 
  • Proactive planning
  • Personel redundancy
  • Reduced operating costs

While not an all encompassing list the above can provide significant improvement to any organization and its business infrastructure.

Network Management Solutions has been providing custom information technologysolutions since 1996 for large, mid-sized and small businesses.  We provide a variety of design, assessment and managed services customized to meet your business needs. Please call us at 908-232-0100 for a complimentary, confidential discussion of how Network Management Solutions can help your organization better manage its technology challenges.

Is your business at risk from a trusted employee?

All businesses depend on their employees regardless of their size. Trust is foundational in ensuring the business operates as required, customer needs are met, and intellectual property or regulated data is protected. While many companies are focused on protecting the business from external exploitation the thought of exploitation from insiders is many times missed.

Both Twitter and Trend Micro reported in November to have fallen prey to malicious insiders with legitimate access to sensitive company information. In both cases it appears that the companies did not discover the misuses by their own measures but became aware through 3rd party sources, long after the unwanted activity was initiated. Alarmingly, Trend Micro is a cyber security company which goes to show that even the best can get taken advantage of. Insider incidents are not new and are thought to account for one-fifth of all data breaches.

In the  case of Trend Micro the company indicated that 68,000 customer data records were provided to a 3rd party source who used the information in attempt to scam Trend Micro customers. In the Twitter leak, information was being provided to the Saudi government and Royal family pertaining to individuals who were hostile to the current regime. In both cases motivated employees provided the privileged information.

So what impact could a data breach have on your business? According to IBM the cost of a data breach in a small to medium business (SMB) with fewer than 500 employees averages $2.5M or 5% of annual revenue to remediate the issue. Regulated data such as in the case of Healthcare, averages $429/record, so the overall cost could be significantly higher to remediate the issue. Beyond cleanup costs a data breach can be devastating to a company’s reputation and the resultant loss of business can overcome many companies.

There is tremendous focus on the right tool set being the answer in solving complex information security issues. While investments in software, hardware, personnel, and training are all pieces in a complex puzzle, detailed processes and procedures are as critical as all of the other investments and without such, all investments are rendered ineffective. To many technical staffs the tools are exciting, but the process and procedures that insure the tools are generating manageable alerts for support staff may be viewed as ominous and are never fully implemented.

Without a proper implementation, many times events are generated and logged to some database server and alerts to supporting staff are never generated, or there are so many alerts that a support staff becomes overwhelmed and the response is to silence or ignore the alerts. When a third party source such as law enforcement contacts the compromised company and an incident response team is hired to investigate the breach, logs of malicious activity is often found tucked away on some database server that was never configured to alert support staff. Many times the malicious events have been ongoing for months to years.

Ask yourself or your employees:

How does the company monitor security alerts?

Is privileged user access to sensitive data audited on an ongoing basis?

Does the company use an internal audit function that is outside of the information technology group or use 3rd party resources to review security?

Are processes and procedures reviewed on an ongoing basis by an independent audit function?

Are the processes and procedures updated on an ongoing basis as the business and technology changes?

Does the organization perform regular incident response testing for data loss, systems outages, component failures, or other potential business disrupting compromises?

In the case of Twitter and Trend Micro a simple ongoing audit of privileged user access may have identified the malicious activity at its commencement saving time, reducing reputational risk, and significantly improving the company’s security profile.

Network Management Solutions has been helping organization since 1996 to establish sound information technology networks, systems, processes and procedures. Please call us at 908-232-0100 for a confidential consultation on how we can assist your business in managing the security of its information assets in a continuously changing world.

Ransomeware – Should You Be Concerned?

There has been a lot of news lately regarding ransomware. What is ransomeware and should you be concerned? Ransomware as defined by CERT is a “type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid”. Theft of proprietary information, credit card data, or personal information is not a motivating factor, taking control of vulnerable systems and denying access to the information is. It’s essentially a kidnapping of your IT environment. Ransomware can spread through direct targeting of a system, phishing emails or by unknowingly visiting an infected website.

Ransomware attacks started out primarily with individuals and it origins date back to the late 1980’s. Perhaps you know someone who paid a “fee” of $25 or $50 to have their computer “cleaned” of malware detected by some random third party organization. While it seemed to be somewhat suspicious that an unknown organization would detect your computer problem, for many it was just easier to pay the “fee” and move on. 

Ransomeware exploits today are aggressive, intrusive and demanding with Bitcoin or other cryptocurrencies being the payment of choice. While crypto platforms are not technically anonymous, they do provide opportunity to act anonymously. Crypto platforms make currency exchanges between wallets. The person(s) associated with the wallet are not identifiable in the transaction. In some places crypto exchanges are required to collect personal information but this is not the case in many places.

Ransomware attacks target individuals, corporations, governments, schools and even police departments. The ballooning monetary demands of ransomware extortionists are claimed by some as being fueled by cyber-insurance companies who prefer to pay claims to help drive new business. For an insured, having a ransom paid by an insurer is the quickest way to end a crisis and get back in business.

Lake City, Florida  at the end of June this year paid 42bitcoin worth about $460,000. The loss was covered by cyber-insurance with Lake City paying a $10,000 deductible. According to ProPublica, Baltimore, Maryland did not have cyber insurance and chose not to pay a $76,000 ransom payment and has spent $5.3M to date recovering locked files. Atlanta similarly balked at a $53,000 payment and has spent $8.5M to date on recovery. Another unnamed company chose to pay a $10,000 ransom payment when they realized that recovering their data from backup tapes would take weeks. Most recently, 22 municipalities in Texas were attacked simultaneously with extortionists demanding millions of dollars in ransom payments. 

Blaming insurance companies for helping escalate extortionist’s demands by paying claims is ignoring the elephant in the room. As business owners, managers and technologists, what is important is to focus on is how these exploits occur so we can prevent infection and its potentially devastating impacts. While having insurance as a financial tool is great, preventing the event is paramount to keeping the business operating.

Cyber exploitation occurs due to mismanaged or improperly patched systems, lacking processes and procedures, compounded by insufficient employee training. Unpatched computer systems are vulnerable to exploitation either through direct attack or by individuals browsing infected sites or clicking on malicious links. Once compromised, an inability to detect the breach allows the attack to propagate over time resulting in an ultimate loss of control over the organization’s systems and information. Without a proven disaster recovery plan, an organization stands little chance of regaining control in a timely manner.  

Some questions to ask yourself and your organization supporting your IT systems are:

Do we have a properly designed infrastructure?

Do we have a process to apply security updates ongoing?

Do we regularly backup our critical data?

Do we have a disaster recovery plan that is updated and tested on a regular basis?

Do we regularly validate our security posture, including audits and testing?

Are all of our methods documented and reviewed on an ongoing basis?

If we were to suffer an attack do we have a planned response, as well as the financial resources to recover?

Network Management Solutions has been helping organizations since 1996 design, implement, monitor and manage critical IT assets. Please call us for a free, confidential discussion regarding your IT challenges and goals. We can be reached at 908-232-0100 or on the web at www.nmscorp.com.

IoT, What You Should Know

Do you know what IoT stands for? IoT is the Internet of Things. It allows organizations and individuals to interconnect their home and business devices through a cloud (Internet) based service. Tech talk has been consistent since the beginning of time with its never ending stream of acronyms. If you’re like me you might find it a bit of a put-on. I guess originally tech speak was intended to make things sound important, technical, and beyond the average person. Today not surprisingly most industries have their own acronyms. 

Back in the mainframe days of the 1980s there were FEPs, Front End Processors; DASD, Direct-Access Storage Devices; and computing power was measured in MIPS, Million Instructions Per Second. Transmission lines were measured in KBPS, kilobits per second and there was no Internet yet. Computing resources and data storage devices were guarded by physical security such as, guards, video surveillance, card readers, as well as key locks. Companies that had multiple geographic locations and could justify the cost had point-to-point transmission lines providing remote access to mainframes and other computing platforms. Many times the remote terminals were kept in secured rooms that only authorized users could access. Security in general was simplified and data breaches far less common and certainly not headline news.

Today we live in a data intensive age where digital transactions build our digital footprint and influence how we are marketed to online. The average home today has greater processing power, data storage and global broadband access than many large corporate entities maintained in the early 1980s. Physical security controls while still important today have been augmented with a large array of technologies to monitor and manage information security at a physical, connectivity, application, and transaction level.

Cloud computing has become a serious alternative to multi-million dollar corporate investments, long timeframes and large support staffs providing pay-as-you-go pricing and the ability to scale globally on a near immediate timeframe. Millions of businesses use some form of cloud computing including startups, government agencies and the largest enterprises.

Amazon’s IoT Core has millions of customers and can connect billions of devices and process trillions of messages globally. Cloud computing is an incredible leap forward in computing technology in terms of its global reach, processing, scalability, and availability. While the technology is mind blowing there are still noteworthy security risks and downsides that are not addressed by simply implementing a cloud based infrastructure.

The Commission on the Theft of American Intellectual Property estimated in April 2018 the annual costs from the loss of intellectual property ranged from $225 billion to $600 billion. These costs are projected to rise to $6 Trillion worldwide by 2021. While there are many ways that thefts occur, including social engineering, technology transfer, hacking, the point is that there are risks regardless of how you run your business and that implementing a cloud based infrastructure is not a cure all.

Whether you are a small or large business securing end-point devices such as office computers, terminals, usernames/passwords, remote access devices, networking infrastructure and properly training employees to be able to identify potential fraudulent activity is critical. End-point devices need to be maintained though ongoing backups, updates and other processes. Finally if you are breached you need to be able to detect malicious activity and eliminate it in the shortest timeframe possible. Many of the largest breaches go on undetected for years leading to serious losses and business consequences.

Network Management Solutions has been helping small to medium sized businesses, along with some large global organizations adapt to the ongoing changes in networking and computing technology since 1996. Contact us for a free, confidential consultation. We can be reached at 908-451-1821.

The Value of Independent Oversight

The other day I was working in my shop. I mistakenly placed an expensive tool in a precarious spot and as circumstance would have it, the tool fell and was damaged. I was of course upset but it was my fault and I own the mistake. I was focused on the task at hand and not paying attention to details. Well, when I checked for a new part to repair the tool and found it was more than half the cost of the original tool, I was even more regretful. It was a hefty price to pay and an expensive lesson learned.

I identified the supplier for the part, a well known company, and begrudgingly placed the order. The quicker I ordered the part the sooner I’d get over the sting of my hurried mistake. Ordering the part was easy and my credit card was charged immediately. I waited for an email to relay the shipping details, one day, three days, one week passed before I finally decided to call the supplier for an update.

Upon calling the supplier the phone was answered within a matter of minutes and the support person pleasant. I was advised that the part had yet to ship because the company warehouse was 6 days behind schedule due to a failed IT upgrade. I was assured however that the order would ship within the next week. I was not happy as the payment was processed the day of the order.

I had never dealt with the company prior. It’s likely if I listed their name you would know the brand and perhaps like me, having dealt with them or not had a positive image of the operation. The reviews I read prior to ordering were largely favorable. My opinion however has changed and I know that’s harsh. The reason is that had I been advised before placing the order I would have had an opportunity to consider a different source, or been an informed, understanding customer that waited for the part through the delay. Instead there was no communications prior, and I had to call for the company for the reason of the long delay.

Does this major tool supplier realize the cost of their failed IT upgrade? A six day delay in processing orders is a big deal. What is the cost in terms of revenue, rebates and apologies to big buyers and future sales, but far beyond that the damage to the brand’s reputation? What other companies that depend on the supplier were unable to meet their customer deadlines?

Often organizations large and small don’t consider all the details of a complex or even routine upgrade. Personnel sometimes don’t speak up due to politics or their input is dismissed. Many times companies don’t measure the business impact of failure and hence there is no back out plan to restore service or communicate status with management and other stakeholders. 

At a minimum when undertaking an upgrade consideration needs to be given to items such as, can the current infrastructure support the new requirements; can the in-house personnel support the project; is there sufficient knowledge and planning by the stakeholders to ensure success; and most importantly what are the potential impacts to the company if the project fails? Critical to every project is a back out plan. Should the project fail, how are negative impacts to the company and its customers minimized? Finally if necessary at what point does the company communicate with their customers and what is the specific messaging?

Of course I don’t have the detailed reasons for the disruption. I do however know one thing as do many of the company’s customers and that is they failed. While failure is not uncommon in the complex information technology world, it is largely due a lack of planning and oversight, and when things go wrong negative impacts are magnified. Perhaps if there had been a back out plan to revert to the prior state no one except the company and maybe it’s vendor would have known. Even planning customer messaging would have minimized impacts to the company’s brand and its customers.

Network Management Solutions has been assisting companies since 1996 to design, implement, monitor and mange IT infrastructure. We have helped companies recover from failed projects, security breaches and outages. Contact NMS for a free, confidential, consultation to understand how we may contribute to your business’s success and its good name.


Why You Should Care About Information Security As A Small or Mid-Sized Business Owner

You’ve seen the news, heard all the hype; Marriott, Chinese State sponsored hacking, DNC email leaks, along with Saks, Lord and Taylor, Panera, Facebook, Under Armour among others becoming victims of data breaches. You’ve probably also seen the TV shows and commercials portraying hackers and their potential targets being defended by some slick cybersecurity group. While it’s dramatic, what does this have to do with you, the small to mid-sized business owner or manager?

Perhaps at first glance little to nothing you would say. Who would want my company’s information, no one will target us you think. Well, while yes the big companies, political organizations, governments, and others are direct targets you may be a target as well, albeit indirect. 

While no named organization, or government entity is going to directly attempt to hack your company you may be the target of smaller groups that crawl the Internet searching for vulnerable anonymous systems. So why do they look to do this especially if you and others truly have nothing to offer you ask? Well, at the very least you have some information as well as servers or other infrastructure that is of value to the perpetrator.

Hackers have differing motives. Some may be in search of sensitive information such as credit card data or personal and private information, others may seek to take control of your systems to anonymously launch hacking operations on others from your systems, while others may look to store stolen information for sale, or host pornography. Many who conduct this type of activity may do so from Internet cafes in far off places with limited chances for prosecution. Many have little means and any payoff from compromising a system is welcome. It’s not glamorous like what you get from TV or the media, not dramatic but the ‘work’ pays off.

So how do they find me?

Hackers use simple scanning tools readily available as freeware and test address ranges, identifying networks that have weak security controls or improperly configured networks. While they may not have specifically targeted your company they may stumble upon your company as its Internet addresses lie within the range of their target scan.  

So what’s next?

When an IP address is found to have technical vulnerabilities the next step by the hacker is to exploit the vulnerability with more free pre-packaged hacking tools and see if they can gain access to your network or systems. With success additional tactics and tools will be employed to poke around inside the network to see what information or hosts may be readily available for compromise.

What’s the payoff?

If they do obtain records of value, such as credit card information they look to sell it to other criminals that will exploit the information.  Values vary but here are some rough numbers.  Credit card information roughly sells for  $5 to $8. Data that includes the number as well as a bank ID number or a date of birth sells for $15. “Fullzinfo” information, which may include details like a cardholder’s full name, address, mother’s maiden name, Social Security number, and other details, can sell for $30. $30 to someone that lives in a far away place may be more money than the average person normally sees in weeks or a month. Beyond that they may disrupt or take control of your system just to show they can.

What’s your potential harm?

The potential for reputational harm or an inability to operate may far exceed the value of any stolen data. You may loose customers, business partners and revenue should your compromise be known or legally need to be reported. Business impacts could be severe if you can’t operate for a period of time.  Beyond that you may find that you are facing lawsuits from customers or business partners.

While I can continue to write the Internet is full of information and articles related to this topic so don’t just take my word for it.  Take a look on your own though some simple Google searches.

We have helped numerous companies recover from hacking, viruses and other security events as well as strengthen defenses against random hacking. Please feel free to contact us at 908-232-0100 for a discreet, confidential discussion as to how Network Management Solutions can be of assistance to you and your company.

Why Your Business Needs A Professional Information Technology Team

You may run your small to midsized business with ad-hoc resources that support your IT infrastructure. What do I mean by IT infrastructure? You know your desktop computers, servers, internet connectivity, cloud infrastructure, all the technology ‘stuff’ that enables you to track inventory, bill for services, manufacture inventory, produce reports; all the things your business needs to operate. You may utilize an in-house resource for some IT things since they have perceived knowledge but it’s not their primary role. You also call on outside resources such as a local computer store, your Internet Service Provider, email hosting company, or others depending on the perceived issue.

You might think that you’re saving money by not having dedicated resources that can monitor, manage and secure your infrastructure but you are not. You might think that much of what an IT person or company would do is not necessary for your small or mid-sized company but again you are mistaken. Having provided services for over the last 22 years we have seen many companies make assumptions that they can get by until they find that their business is in jeopardy having suffered a data breach, data losses, system outages or other problems that now threaten the company and perhaps its viability.

What do outages and slowdowns cost your business over the course of a year? If you or your employees cannot work for an hour or two, or you can’t track orders or inventory, or if you can’t appropriately communicate with your customers for the day, or run a production line for an extended period what is the cost? What if your server gets compromised and begins emailing all your clients malware? In all these cases there is not only a quantifiable cost in dollars but perhaps also in loss of reputation. I don’t know about you but if I can’t count on the companies that I interface with I go elsewhere for the products or services I need.

At Network Management Solutions we have seen in many instances where companies cannot operate for days or beyond. Improper software or hardware setup can not only cause performance issues such as slow response but also lead to data breaches. Malicious phishing attacks are emailed on an ongoing basis, without proper setup an employee’s mistake of clinking on a link may lead to malware, compromised passwords and systems. Perhaps the real value of the IT infrastructure and the business reliance on it were not scrutinized until the small problems became momentous.  

So what  can a service provider do for you and your company? While no one can guarantee that IT problems will never occur, a professional services organization like Network Management Solutions can ensure that problems are reduced to a minimum and the effects of any outages are quickly recognized and mitigated.

A proper Managed Service Provider (MSP) will make certain that your infrastructure is appropriately designed to meet the business information needs, focusing on reliability, information security, and performance. This may include ensuring desktop computers are maintained, servers are updated, security patches are applied, outages are addressed in real time, and the overall health of the infrastructure is monitored to prevent and mitigate potential outages. Additionally, an MSP will identify design flaws and recommend measures that will improve service levels, security, and data retention. You can’t get these services from a full time employee acting as a part time IT resource, or a part time IT firm of 2 people that may be assisting other customers and cannot address your business needs for days.

If you are interested in protecting your business, its information assets, and the systems that help it operate while maintaining a fiscally sound approach we would like to speak with you. Network Management Solutions can be reached at 908-232-0100.  Please contact us for a free, confidential discussion to learn more about how we can assist your organization.

How To Select A Managed Services Provider

You have a growing business that relies on computer based technology. What do I mean?… well, computers, operating systems, servers, networks, internet connections, cloud infrastructure, and data sharing applications. Yeah it all sounds overwhelming and jargon filled but you need these things to run your business.

You have been getting by with support from an internal resource or two that have a little information technology experience but maintain other full time responsibilities within the business. You might also as well utilize an outside resource at your internet service provider or local computer store.  You know its not efficient, it’s a drain on your internal resources and problems seem to fester.  Its time for a change but what’s next? 

This article is intended to help guide you towards a solution, that will free internal resources from ad-hoc IT tasks and enable your employees to focus on their intended functions, as well help you to have a problem management process and secure technology infrastructure that most effectively supports your business.

Introducing the Managed Services Provider, or maybe you already have one, but it doesn’t seem to be working out. Hopefully these steps will set you on a path towards solving the dilemma and keeping your IT systems and information secure and in top shape.  

  1. Identify your infrastructure. Identify what internal and external infrastructure exists that supports your business. What I’m talking about are computers, servers, network connections and applications. If you’re not quite sure how to gather this information, many Managed Services Providers will assist in the process through an information technology assessment. An information technology assessment should be routine to an MSP and some will credit the cost of the assessment if you decide to sign up for their ongoing services.
  2. Identify your service needs. Decide what elements of the overall internal and external infrastructure need oversight. For example if you host an internal email server, or database server, is this something a third party could take on the management of? Do you require proactive management of network connections, servers, and applications, or do you just wait until they fail and scramble to identify where the problem is? Perhaps our IT problems page, or evaluation checklists can help you come up to speed and refine your approach.
  3. Assemble your business requirements. Now that you have a clear understanding of the components in your infrastructure and service requirements, such as proactive monitoring of critical systems, problem management support, support hours and response times, document these items as they will be critical in moving forward towards a decision on a new Managed Services Provider.  
  4. Interview potential Managed Services Providers. Find out what services each company provides and how they map to your business requirements. Do they have the staff, experience, and hours of coverage to support the business requirements; can they respond in the required timeframes; do they provide ongoing updates on service outages, or operating systems updates and patches?  Is there a standard service level agreement that defines how issues are managed and can it be customized to support your specific requirements?  Identify the cost of services for supporting your current requirements as well as the costs as your business and infrastructure grows.
  5. Select a Managed Services Provider. Establish clear service level agreements defining services provided, operating procedures, response time agreements, as well as key contacts and escalation procedures. Also establish the ongoing reporting provided by the Managed Services Provider and have the reports customized to meet your specific needs.
  6. Review ongoing performance. Review reports provided by your Managed Services Provider and compare them to your service level agreement. Most importantly maintain an open and honest dialogue with your Managed Services Provider. Clear open communications will foster the results you are looking for while strengthening the partnership and mutual respect and trust in the business arrangement.

Network Management Solutions has been providing custom information technology solutions since 1996 for large, mid-sized and small business.  All of our services, including our Managed Service Provider solutions are customized to support our client’s business needs. For more information please call us at 908-232-0100, also reference our online questionnaires and toolbox.

Network Management Solutions  www.nmscorp.com. Please reach out we want to assist you in making your business better.