Strategic IT Planning is a collaborative process taken with clients to understand their business needs and goals, that ultimately allows the IT budget to appropriately align with the organizational priorities. As 2021 is quickly approaching, it’s time to start planning to ensure you hit next year’s IT goals. If you haven’t yet done any sort of strategic IT planning, check out these tips to help get you started before the new year.  

#1 – Asset Management  

Identify what equipment is currently performing well and what might need to be replaced to continue ensuring that work operations are happening at maximum efficiency. This step typically involves gathering all your company’s hardware and software inventory information and completing an IT audit. From there, your internal IT department or an MSP like Five Nines can identify and fill in technology gaps to minimize downtime. 

#2 – Document End-of-Support vs. End-of-Life Dates  

An end-of-support date means the product provider has decided to no longer provide a support line, while the end-of-life date is a term to describe when a product is no longer for sale. Knowing and documenting these dates for all of your equipment will ensure future IT audits run smoothly and unexpected surprises do not arise. Surprises can range from compromised data security, decreased productivity, higher maintenance costs, non-compliance issues, and problems with scalability just to name a few.  

#3 – IT Risk Assessment  

The end of the year is a great time to run an IT Risk Assessment. In this process, you’ll look at what was effective and ineffective in your IT infrastructure this year. Create a series of questions that assess your standards, guidelines, and best practices. Use the same assessment on an annual basis to begin to understand where the gaps are and how to best fill them.  

#4 – Consider your talent  

Whether it’s an IT services partner or an internal team member, decide who you need on your team to execute the strategy you’ve developed for your business. If you’re needing to bring in an external partner or new hire, you’ll want to include this cost in your overall budget and consider what the return on the investment may be. 

#5 – Budgeting  

With remote work being heavily prevalent right now, you should ask yourself these questions: do you feel like the year went smoothly from a technology standpoint and did your workforce transition seamlessly from work to home? If not, you may want to consider budgeting for more equipment or services that could alleviate some pressure from your teams. 

The truth is, you can never really unplug from business if your IT infrastructure is not fully supported. With the holiday season right around the corner, we encourage you to unplug over the holidays and leave your technology in the hands of a capable Managed Services team. Continue reading to see what services you could count on by partnering with Five Nines throughout the holiday season and beyond.  

24 / 7 / 365  

Your company’s IT is not an 8-5 job and it never will be. Every single day of the year, it requires 24-hour monitoring so your organization can continue to drive revenue while reducing costs and risks. An on-call engineer is a great resource to keep an eye out for suspicious activity and minimize downtime for your organization. Knowing that your business' technology is being monitored for you will help you and your coworkers really unplug over the holidays.  

Controlled IT Costs  

IT spending is becoming more of a strategic move by most businesses and investing in the right technology is something you must plan ahead for. Your IT team should provide you with 1 – 3 – 5 year budgets so your organization isn’t faced with unexpected costs as you are budgeting for the next year throughout the holiday season. Long-term budgeting and planning will give you peace of mind towards the end of the year as the direction of your IT infrastructure is more controlled and defined.  

Focus on your Core Business  

As the end of the year approaches quickly, it’s essential to focus on the things that matter most before the new year – your core business. Leaving it up to the IT pros has become the common trend when it comes to specialized departments because organizations want to stay more focused on their day-to-day functions and finish the year strong. It can be extremely beneficial to have an MSP worrying about your business technology for you so you can really unplug during the holidays.  

Website breaches can cost millions of dollars and thousands of hours to remediate. Joe Brown, Five Nines Director of Marketing Operations, knows firsthand. In his career, he has worked with businesses to remediate breaches where a small WordPress vulnerability was the culprit. If a couple of basic and relatively cheap steps were taken, the breach could’ve been prevented. Read more to see how you can improve your website security and performance before the new year!

Access Tips

Be mindful of who has access to the backend of your website and at what level. Think through the roles of your team and divvy up access from there. If your Marketing Specialist posts blogs, make them an author, if they post financial reports or change content on webpages, make them an editor. Admins can edit everything including users and credentials so you should be very selective when determining who should have that access. Another good rule of thumb is requiring two-factor authentications for all accessors. Joe suggests MiniOrange 2 Factor, which integrates directly with WordPress.  

Another access tip he has is to avoid using the default "domain.com/wp-login" WordPress domain for your login screen. This is one of the primary ways hackers attack WordPress sites. The WPS Hide Login plugin is how Five Nines avoids the threat of that basic login screen. In this case, if a hacker finds a user password, they will then need to find the login page which is now hidden.  

Lastly, CloudFlare is a paid filter for websites. It sits on top of the website and filters every single request your site gets. As a good practice, Joe does not allow users outside of the United States to access the website. This protects it from hackers originating from outside of the country that are hungry for your data. The unintended bonus of utilizing CloudFlare is that it drastically improves your site's performance and speed, especially on mobile devices.  

Maintenance Tips

Maintaining your website properly is the key to ensure no threats are originating from the inside. This involves many moving parts including plugins, a staging environment, and regular backups. If you are the webmaster (person accountable for the website) of your site, you need to prioritize these three things at a minimum.  

Plugins are one of the leading causes of breaches, broken websites, and information being leaked. At a minimum, plugins should be updated weekly. It's as simple as logging in, going to the Updates tab, and pushing “refresh." If there is an update, it takes one minute to put it in the staging area, test it, and push it live.  

The staging environment is a clone of your site where plugins can be tested in a safe environment before pushing it to production. Companies like Flywheel are a great resource to utilize when it comes to setting up staging areas.  

Lastly, backing up the contents of your site is imperative. If a plugin breaks or you need to make a change, you want the peace of mind to know that have the ability to revert to a previous version of your website.  

To hear further explanations of the concepts above, watch the recording of our Tuesday Tech Talk. 

#1 – Practice Good Password Hygiene  

To practice good password hygiene, you will want to use strong and unique passwords and enable two-factor or multi-factor authentication. If you’re worried about having to remember a large number of unique passwords for all your accounts, Jessica suggests downloading the free password manager “Last Pass” on your desktop or mobile device.  

#2 – Know Your Risk Factors  

Be aware that there is a cybersecurity risk of just browsing the internet or having an email address – it’s low, but it’s there. Jessica suggests using haveibeenpwned.com to check if an email address, password, or website has been compromised and how frequently. From here, you can make more knowledgeable decisions on website subscriptions or update your accounts with higher-strength passwords.  

#3 – Perform Regular Updates  

Hopefully, your IT department is frequently performing these on your work devices, but it should be done on personal devices as well. For a Windows device, you can type “Windows Update Settings” in the search bar and check for updates. A good rule of thumb is every 30 days to ensure your device works as efficiently as possible.  

#4 – Have a Backup Solution  

Be proactive rather than reactive. If you don’t have something in place now, it will be too late when you do get hacked. Back up essential documents using cloud-based methods such as Google Drive or iCloud. If you are someone with a vast amount of data to store, Jessica suggests a paid backup solution: BackBlaze is only $6/month for unlimited storage.  

#5 – Think Before You Click  

Be wary of unsolicited messages – emails, texts, online ads. Hackers send these in hopes of gaining access to your credentials or to prove your domain is credible. Jessica suggests you do not respond, do not click on links, and always delete. Also, mark as spam, block sender and notify your IT department. It’s better to be safe than sorry.  

You come to work with all systems operational: patients are being checked in. Nurses are filling out charts. Doctors are prescribing medicine. Everything in your hospital is working exactly how it should.

In an instant, that changes. Your system is down, and now patients can’t get checked in, nurses can’t access records and crucial information that might save a life, can’t be accessed.

Can you afford that?

Technology unites us all. From banks to hospitals, we’re living in a period where technology is not only evolving but so is the experience you need to maintain your daily technology operations and innovate. Where technology gains in efficiency and security, so to do the ways in which hackers and malicious cyberattackers decide to threaten it.

In the last 3 years alone, over 11.7 billion records were lost or stolen by hackers in the United States, according to an IBM Study, in 2019. And when data breaches happen, targets feel the burden for years.

Why do companies look to outsource their information technology needs?

With threats increasing and technology advancing, companies are looking to their internal teams to help protect them from high-level attacks and to secure their confidential information, on top of staying operational for day-to-day business. But when you are a small to mid-sized company, those resources might not exist or have the capacity to truly protect your environment.

Below are some of the top 3 reasons we see companies turning to outsourced managed I.T.

Want to learn more about implementing multi-factor authentication for your business? 

We’ve talked a lot about the importance of changing your password and making sure you choose passwords that aren’t easily guessed. And while you should always beef up your password game, no matter how strong a password is, there’s still potential for attackers to gain access through a phishing scheme or an email interception.

Want to learn more about implementing multi-factor authentication for your business? 

It’s likely your company depends on several pieces of technology to consistently deliver a seamless product or service to your customers. When you consider that, protecting your technology assets and the IT environment that supports them for day-to-day business is a crucial aspect of your overall business strategy. 

Have questions on how this affects your business? 

Cloud services have modernized the way company's work and allow for collaboration in any place, with any device. At Five Nines, we’re big fans of Office 365 applications, but there are so many features of the platform, that it can get confusing to understand which ones you should use, and how they integrate. Let’s break down some of our favorite applications and how you could leverage to improve your workplace communication and collaboration.

Have questions on how this affects your business? 

As we close out the end of the year and look ahead, it’s important to keep cybersecurity top of mind in 2020. As a business, taking the time to educate your team about cybersecurity can help create a security-conscious company culture, where people are not only aware of the risks, but they’re also able to spot them before they unknowingly create a costly mistake for the company.

Have questions on how this affects your business? 

As technology continues to change, the number of ways your company can be targeted in a malware attack grows. At Five Nines, we put a major emphasis on educating our clients about what potential attacks could do to their operational systems, while also preparing their network to fight these attacks and keep systems secure as the designated IT services provider. While we do install anti-virus software for our clients, it’s only one tool in our belt, given that additional layers of security are needed now that hackers are more sophisticated. Before we get into why you can’t solely depend on anti-virus to stay secure, let’s define terms that are crucial to understand when we’re talking about anti-virus software and security. 

Malware is a broad term that really defines any malicious code or program that gives an attacker explicit control over your system. It may refer to all types of malicious programs including viruses, bugs, bots, spyware, etc. and even ransomware.

Anti-virus - Anti-virus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.  It’s the most commonly used weapon against malware.

Layered Security -- Layered security, also known as layered defense, describes the practice of combining multiple security controls to protect assets, such as resources and data. 

Now that we have some context, let’s talk about why anti-viruses can’t keep up with the increasing number of malware attacks. While there’s been thousands of cyber-attacks, one that really called attention to this growing issue of anti-virus protection happened in 2013. Over the course of three months, attackers installed 45 pieces of custom malware and stole crucial information from The New York Times. The Times — which uses anti-virus products made by Symantec — “found only one instance in which Symantec identified an attacker’s software as malicious and quarantined it.” The IT services team just didn’t catch it.

To get rid of the hackers, The Times, “blocked the compromised outside computers, removed every back door into its network, changed every employee password and wrapped additional security around its systems.” Ultimately, this is just one example of how hackers can create software that surpasses anti-virus software. They’re now able to design a piece of malware, run it on a computer with that anti-virus product to see if it will be detected, and if it is, then they can modify the code until the anti-virus software no longer detects it. What this means is that unless a traditional anti-virus software has seen a particular threat in the past, it won’t necessarily protect your computer. There are other new products that are able to ward off some of these new threats. For example, Cylance Inc. develops anti-virus programs with Artificial Intelligence to prevent, rather than re-actively detect, viruses and malware, this is also referred to as “Next Generation Protection”. So, what else can you do to stay secure?

1. Keep Your Systems and Software Up-To-Date: One of the most common ways hackers launch attacks? Exploiting vulnerabilities in operating systems and software that are out of date. Simply put, when technology reaches its End of Life or End of Support date, patches, bug fixes, and security upgrades automatically stop, putting your technology at risk for an attack. Educating your team about when and how to update software and systems can keep you safe. Our IT services team works to monitor when these End of Life/End of Support dates as well.
2. Firewall installation: You will want a business firewall to keep your company data protected.  You can implement a firewall in either hardware or software form, or a combination of both. Your IT managed services provider can help you set this up and monitor it for success on an ongoing basis.  There are next-generation firewalls as well. Unified threat management (UTM) provides multiple security features and services in a single device or service on the network. UTM includes a number of network protections, including intrusion detection/prevention (IDS/IPS), gateway antivirus (AV), gateway anti-spam, VPN, content filtering, and data loss prevention, just to name a few.
3. Encrypting Information: If a hacker can infiltrate your system, encrypting your files can make the information useless if it is stolen. Encryption is the most effective way to achieve data security because it turns your crucial information into code. To read an encrypted file, someone would need access to a secret key or password that enables them to decrypt it. BitLocker, Microsoft’s easy-to-use, proprietary encryption program for Windows can encrypt your entire drive, as well as protect against unauthorized changes to your system such as firmware-level malware. 
4. Password Management: We’ve talked about this before, and we encourage you to create a password protocol for your company. Changing passwords often and ensuring the passwords are difficult to guess are two ways to protect yourself. You can read more about our password tips here.
5. Image-Based Backups:  It’s important to be in a position to recover your environment with backups if you encounter a breach. At Five Nines, we use image-based backups to keep your business running. Image-based backups are just what the name states: an image of your entire operating system, rather than individual files on your PC. 

The purpose of multi-layered security is to stop cyber attacks on different levels, so they never reach the heart of your system and affect essential information. While it’s crucial to use anti-virus software, it cannot be your only line of defense. 

Have questions on how this affects your business?