5 Cybersecurity Tips to Keep You Safe at Home & Work

#1 – Practice Good Password Hygiene  

To practice good password hygiene, you will want to use strong and unique passwords and enable two-factor or multi-factor authentication. If you’re worried about having to remember a large number of unique passwords for all your accounts, Jessica suggests downloading the free password manager “Last Pass” on your desktop or mobile device.  


#2 – Know Your Risk Factors  

Be aware that there is a cybersecurity risk of just browsing the internet or having an email address – it’s low, but it’s there. Jessica suggests using haveibeenpwned.com to check if an email address, password, or website has been compromised and how frequently. From here, you can make more knowledgeable decisions on website subscriptions or update your accounts with higher-strength passwords.  


#3 – Perform Regular Updates  

Hopefully, your IT department is frequently performing these on your work devices, but it should be done on personal devices as well. For a Windows device, you can type “Windows Update Settings” in the search bar and check for updates. A good rule of thumb is every 30 days to ensure your device works as efficiently as possible.  


#4 – Have a Backup Solution  

Be proactive rather than reactive. If you don’t have something in place now, it will be too late when you do get hacked. Back up essential documents using cloud-based methods such as Google Drive or iCloud. If you are someone with a vast amount of data to store, Jessica suggests a paid backup solution: BackBlaze is only $6/month for unlimited storage.  


#5 – Think Before You Click  

Be wary of unsolicited messages – emails, texts, online ads. Hackers send these in hopes of gaining access to your credentials or to prove your domain is credible. Jessica suggests you do not respond, do not click on links, and always delete. Also, mark as spam, block sender and notify your IT department. It’s better to be safe than sorry.  


Topics: Phishing, Cybersecurity

3 Reasons Why Companies Consider Outsourcing IT


You come to work with all systems operational: patients are being checked in. Nurses are filling out charts. Doctors are prescribing medicine. Everything in your hospital is working exactly how it should.

In an instant, that changes. Your system is down, and now patients can’t get checked in, nurses can’t access records and crucial information that might save a life, can’t be accessed.

Can you afford that?

Technology unites us all. From banks to hospitals, we’re living in a period where technology is not only evolving but so is the experience you need to maintain your daily technology operations and innovate. Where technology gains in efficiency and security, so to do the ways in which hackers and malicious cyberattackers decide to threaten it.

In the last 3 years alone, over 11.7 billion records were lost or stolen by hackers in the United States, according to an IBM Study, in 2019. And when data breaches happen, targets feel the burden for years.

Why do companies look to outsource their information technology needs?

With threats increasing and technology advancing, companies are looking to their internal teams to help protect them from high-level attacks and to secure their confidential information, on top of staying operational for day-to-day business. But when you are a small to mid-sized company, those resources might not exist or have the capacity to truly protect your environment.

Below are some of the top 3 reasons we see companies turning to outsourced managed I.T.


  1. Accountability

    Imagine being able to walk into work knowing your systems will be operational. Imagine opening a new rotating line of credit knowing that the borrower’s information will be secure. Imagine having a plan in place for business continuity when the power goes out and you still must treat patients. Imagine that responsibility being on the shoulders of an outsourced partner.
    When done correctly, adding an outsourced managed IT provider should alleviate your pain and concern. This partner should act as an extension of your team, and know not only your environment, but your goals as a company, your mission statement, and understand what must work to be operational and within regulatory compliance. Shifting accountability means when a computer goes down, we fix it. When a server needs upgrading, we upgrade it. When a malicious email enters your environment, we block it. When your end-users need the training to prevent ransomware or phishing, we provide it. When you shift accountability to a managed service provider, you are shifting the burden you are feeling to an expert who doesn’t see it as a burden. We see it as what we do best. And you get to sleep better at night.

  2. Expertise

    Whether you are a rural bank or an attorney’s office in the middle of a thriving city, finding and maintaining talent can be nearly impossible. Think about your team. How many total employees do you have, not including your IT team? Divide your team by the number of IT employees on staff. If you have 100 employees and 2 internal IT, that means each IT employee is constantly responsible for the tier one issues of 50 employees. While those two employees are battling the tier one requests (my computer isn’t working, I need to reset a password, this program won’t open, my phone isn’t receiving calls), who is monitoring your servers? Who is creating and developing training to educate your employees on which emails are safe and which ones are disguised and are threats? Who is procuring your new servers or computers? Who is installing them? When you have a small internal team, your resources are limited. Adding an MSP not only shifts accountability but deepens the bench strength of your resources. When an MSP enters the picture, you now have separate teams working on projects for you simultaneously.

  3. Efficiency

    What happens when you start checking in patients quicker and they get access to the healthcare needed faster? What happens when your bank successfully sends more wires than you ever have before? What happens when your environment is protected and your team is down for less time, experiences fewer technological obstacles, and customers receive a better experience? Your business thrives. When you partner with an MSP, you are no longer worrying about accountability, staffing internal IT, or checking all the boxes. Instead, you are focusing on the day-to-day tasks that allow you to achieve your mission. Efficiency is the product of the technology marrying process. When your environment is healthy, operational, and experiencing less down time, you are operating in a more efficient way which empowers you and your business to operate at new levels.

    If you have been contemplating adding an MSP, you should start by evaluating the statements below.

    1. Our environment is completely secure, backed up, and we are not at a threat of being hacked or breached.
    2. Our regulators would look at our technology and processes and approve them without a second thought.
    3. Our internal team can maintain all tier-one requests while also addressing our network security, our employee training, our warranty on equipment, our procurement, and our reporting.
    4. Our bank/hospital/office is running at 99.999% uptime and never experiences outages or issues.
    5. We have a firewall and email encryption in place that would proactively prevent a phishing email getting to a vulnerable recipient.
    6. We receive quarterly reports (or more frequent) on budget, the health of our environment, strategic goals, project updates, and support ticket evaluations.
    7. Our employees are trained on secure behaviors.
    8. Our technology is a competitive advantage over our competition

    If you have concerns over any of them, send us a message and let us help you see why an MSP could help I.T. stop being a four-letter word.

Want to learn more about implementing multi-factor authentication for your business? 


Topics: Security, IT, Managed IT Services, Cybersecurity, Multi-Factor Authentication, anti-virus

Multi-Factor Authentication - What It Is & Why It Matters


We’ve talked a lot about the importance of changing your password and making sure you choose passwords that aren’t easily guessed. And while you should always beef up your password game, no matter how strong a password is, there’s still potential for attackers to gain access through a phishing scheme or an email interception.


This is where multi-factor authentication can serve as another security control. Multi-Factor Authentication (MFA) is a security system that verifies a user’s identity by requiring multiple credentials. Instead of just asking for a username and password, MFA requires that a user provides two separate types of authentication from these three categories:

  • Something you are (fingerprint, facial recognition)
  • Something you have (security card, mobile phone, iPad)
  • Something you know (your password, passphrase, PIN)

MFA is typically set up to include the “something you know” (i.e. your username and password) with “something you have” (e.g. a one-time passcode from a device you own, such as your mobile phone).

In recent years, multi-factor authentication has become more common for personal use, and many online applications (Apple, Facebook, Instagram, Twitter, Google, and LinkedIn) have adopted MFA processes.

As businesses need to lock down additional programs and applications to protect their data, it’s important they strongly consider adding a multi-factor authentication process to their IT security plan.

1. While antivirus, firewalls, and password management strategies are a component of your overall IT strategy, you still want to make it as difficult as possible for attackers to even log into your systems. They not only take data, but can hijack systems, alter programs or introduce malicious code. If someone had easy access to all your company’s key data, imagine how they could use it to hurt your business and your bottom line.

2. Password theft will continue to accelerate. Cybercriminals are constantly innovating new techniques to steal the keys to your company’s gate. Adding MFA requires that all user identities are verified before they can log into corporate applications.

3. Today, more and more people are working remotely but still need access to their files and company-wide information. Since accessing remote environments does not require someone to be onsite in order to gain access, adding MFA creates a second layer of security to ensure that whoever is accessing the remote resources are really who they claim to be.

With the increase of cyber attacks on businesses, password strength alone cannot be relied on as the only layer of protection. Multi-factor authentication is a proven way to stop 99.9% of automated attacks that would otherwise succeed by using a compromised or easily guessed password.

Want to learn more about implementing multi-factor authentication for your business? 


Topics: Security, IT, Managed IT Services, Cybersecurity, Multi-Factor Authentication, anti-virus

IT Asset Management: What It Is & Why It’s Important


It’s likely your company depends on several pieces of technology to consistently deliver a seamless product or service to your customers. When you consider that, protecting your technology assets and the IT environment that supports them for day-to-day business is a crucial aspect of your overall business strategy. 


An IT asset is any company-owned information, system, or hardware that’s used during business operations. It’s data, devices, software, workstations —  all of the integral components of the IT systems and network infrastructure. 
Considering these assets are highly valuable to your company, setting up policies and processes for managing them can help your IT team keep track of it all, and stay ahead of the technology curve.
So, how do you do that? IT Asset Management (ITAM) is the answer. It’s a set of business practices designed to track all of your IT assets and optimize them for your business. It includes looking at financial requirements, inventory, and contractual functions, so your company can make smarter decisions with your budget and lifecycle management of your IT. It’s something your IT team internally can do or an IT services provider like Five Nines can take the lead (and eliminate the headaches) on as well. 
If what we just listed above sounds like a ton of work, we’ll be honest: it is. But, the process you go through to create an asset inventory and take stock of where you’re at with each piece of technology can maximize returns and significantly decrease the risk for serious problems down the line. This process also bridges the gap between your IT support team and the other people in your company, as everyone starts to understand what the value is of the technology. The goal of ITAM is to help create a centralized location to oversee all of the IT assets for the company. In other words, you’re taking stock of what you have and creating a place to store it all, so you can continually manage what you have.
While the process can vary from company to company, at its core ITAM strategy requires a complete IT inventory that gives an organization a snapshot of every IT asset they have. It roughly includes the process of verifying that each asset is:
· Up-to-date with security or software changes
· Protected and properly configured
· Working to protect your company from hackers or cyber attacks
· Not causing internal issues that could be slowing your team down or causing lag times
· Not costing the company exorbitant dollars in mismanagement 
For some larger companies, this means investing in third party software to track everything or bringing in the third party that can prioritize this critical task if your IT support team is needed in daily operations. When you consider what could be potentially overlooked, it’s well worth the time. You wouldn’t want to:
· Fall out of compliance in your industry and potentially get a violation or fine
· Have your business go down for a day because IT systems stop working
· Lose man-hours due to slowdowns caused by outdated assets
· Get cyber hacked because your systems have vulnerabilities 
These are just some of the key reasons why IT Asset Management is important as there’s a lot on the line when you're not managing these assets. And even when you have a plan in place, your IT services provider or your internal team (or IT support team) should still carry out an audit from time to time.
Need assistance with managing your IT? Five Nines is your IT support team for 2020. Let's talk about how to make sure you're prepared. 

Have questions on how this affects your business? 


Topics: Security, IT, Managed IT Services, Cybersecurity, anti-virus

Tools To Get The Most Out Of Office 365


Cloud services have modernized the way company's work and allow for collaboration in any place, with any device. At Five Nines, we’re big fans of Office 365 applications, but there are so many features of the platform, that it can get confusing to understand which ones you should use, and how they integrate. Let’s break down some of our favorite applications and how you could leverage to improve your workplace communication and collaboration.


OneDrive for Business is a cloud service that allows you to store and protect your personal business files, and access them on any device. OneDrive also offers the ability to share documents and choose permission levels, such as read-only or edit access. You can also sync files back to the cloud easily when you’re connected to the internet.

SharePoint Online, on the other hand, is a more collaborative space to store documents. SharePoint allows for cross-team collaboration, and also supports company-wide employee interaction. Everything that’s saved to SharePoint can be automatically accessed by anyone that has permissions to the drive. Team members also have the ability to work on Office documents with other individuals simultaneously, and the changes are updated in real-time.

Now is when you might be thinking, why exactly would I need to have SharePoint and OneDrive if they’re so similar? You’re right, at first glance, SharePoint and OneDrive could be mistaken as the same applications and purposes, but we like to look at it this way:

Let’s say you’re on a team of 4 in a marketing department and work closely with other people across your organization.  You would want to use a SharePoint site to store approved marketing collateral, logos, and other resources that can be accessed company-wide. You might also have a team-specific SharePoint that’s used to store and work on documents that only the marketing team can access, like marketing plans and design files. You would also have OneDrive for files that you would use on a personal level, that doesn’t necessarily need to be accessed by anyone else. These files would still be secure and saved in the cloud so that you could share them if you need to, but can also be accessed from another device or when you’re not connected to the network.

Microsoft Teams is a chat-based workplace to facilitate projects, communication and meetings. The chat function on Microsoft Teams allows you to have threaded conversations, helping you store brainstorming sessions, conference calls, and other meetings into one, easy to find, place. You won’t have to go through pages of notes or thousands of emails looking for a certain conversation – with Microsoft Teams, you have it all at your fingertips. The feature also allows you to choose between team and private discussions, as well as audio and video chats with colleagues both inside and outside of your organization, if you have external access turned on. Documents that are worked on in teams automatically sync up to SharePoint Online.

Flow allows you to automate business processes by building specific workflows that are based on specific actions or triggers. For example, This could be as simple as getting an email alert when someone modifies a file or as complex as a multi-step workflow with approvals, alerts, and notifications that are based on an analysis of real-time data. You can create different types of "flows" that are either triggered by an event, a button or pre-scheduled. Microsoft provides a plethora of templates you can pick from, some of them designed for specific situations (productivity, sales, software development, etc.) to get started.

No two businesses are the same, and there is not a one-size-fits-all approach to collaboration, but with Office 365 there are many tools available to help make working with your teams more successful, whether you’re sitting in the same office, or across the country, or working from home. Interested in learning more about these applications and how we can help implement them? Click the button below and let's chat.

Have questions on how this affects your business? 


Topics: Security, IT, Managed IT Services, Cybersecurity, anti-virus

How To Prepare Your Team For A Cyber Attack: KnowBe4


As we close out the end of the year and look ahead, it’s important to keep cybersecurity top of mind in 2020. As a business, taking the time to educate your team about cybersecurity can help create a security-conscious company culture, where people are not only aware of the risks, but they’re also able to spot them before they unknowingly create a costly mistake for the company.


The Verizon 2019 Data Breach Investigation Report states that 34% of all breaches in 2018 involved people inside of the organization. The most common type of “insider threat” is when an employee unknowingly makes a mistake, leaving a device exposed or falling victim to a scam by clicking a bad link. Insider threats can, unfortunately, go undetected if an employee doesn’t realize what happened or understand that they fell victim to an attack and they need to report it to IT support.
The way to protect your company from this scenario is to deploy end-user security awareness training. The data backs up the fact that it’s cheaper to do this type of training, than deal with the consequences of a breach. The Ponemon Institute 2018 Cost of Insider Threats Study shows that the average cost of an insider-related incident is around $513,000. Insider-related incidents can cost a company up to $8.76 million a year. In North America, this number is even higher — up to $11.1 million a year. 
Why chance it? Train your internal staff now and partner with your IT support team, so that everyone is conscious of their actions when it comes to cybersecurity and thwarting phishing attempts.
At Five Nines, our IT support offers a subscription service that companies can use to train their employees called KnowBe4. It’s a security awareness training that was built by Stu Sjowerman, a serial entrepreneur and data security expert with more than 30 years in the IT industry. He was also a hacker himself. What sets this product apart: the new-school security awareness training is an interactive, on-demand browser-based platform that simulates phishing attacks and scams, so your employees gain firsthand knowledge on what they look like. Our IT support team helps companies take employees through a baseline test to show how Phish-prone each employee is to an attack and then we continue to reinforce the training through simulated phishing attacks that teach them how to respond.
The KnowBe4 platform is user-friendly and intuitive and more importantly, when training is implemented on a monthly basis, employees start to understand how to protect your most critical data and assets through vigilance. With platform metrics, your leadership team can even gain an understanding of what each employee’s Phish-prone percentage is and how they can improve their test scores over time. Through our subscription, we give you access to the world's largest library of phishing and email templates, so your team can continue to deliver real-world testing campaigns from brands your employees may think they can trust. After all, it only takes one click from a brand they think they recognize, to majorly compromise security.
Here at Five Nines, our IT support team can work directly with our clients to build and manage a completely custom security awareness training program for your staff. We've learned how to use the world’s largest security awareness training and simulated phishing platform to your advantage.
Interested in security awareness training for your staff but need more information from IT support experts? Check out this KnowBe4 guide and let’s talk!

Have questions on how this affects your business? 


Topics: Security, IT, Managed IT Services, Cybersecurity, anti-virus

You Can’t Depend on Anti-Virus To Stay Secure. Here’s Why


As technology continues to change, the number of ways your company can be targeted in a malware attack grows. At Five Nines, we put a major emphasis on educating our clients about what potential attacks could do to their operational systems, while also preparing their network to fight these attacks and keep systems secure as the designated IT services provider. While we do install anti-virus software for our clients, it’s only one tool in our belt, given that additional layers of security are needed now that hackers are more sophisticated. Before we get into why you can’t solely depend on anti-virus to stay secure, let’s define terms that are crucial to understand when we’re talking about anti-virus software and security. 


Malware is a broad term that really defines any malicious code or program that gives an attacker explicit control over your system. It may refer to all types of malicious programs including viruses, bugs, bots, spyware, etc. and even ransomware.

Anti-virus - Anti-virus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.  It’s the most commonly used weapon against malware.

Layered Security -- Layered security, also known as layered defense, describes the practice of combining multiple security controls to protect assets, such as resources and data. 

Now that we have some context, let’s talk about why anti-viruses can’t keep up with the increasing number of malware attacks. While there’s been thousands of cyber-attacks, one that really called attention to this growing issue of anti-virus protection happened in 2013. Over the course of three months, attackers installed 45 pieces of custom malware and stole crucial information from The New York Times. The Times — which uses anti-virus products made by Symantec — “found only one instance in which Symantec identified an attacker’s software as malicious and quarantined it.” The IT services team just didn’t catch it.

To get rid of the hackers, The Times, “blocked the compromised outside computers, removed every back door into its network, changed every employee password and wrapped additional security around its systems.” Ultimately, this is just one example of how hackers can create software that surpasses anti-virus software. They’re now able to design a piece of malware, run it on a computer with that anti-virus product to see if it will be detected, and if it is, then they can modify the code until the anti-virus software no longer detects it. What this means is that unless a traditional anti-virus software has seen a particular threat in the past, it won’t necessarily protect your computer. There are other new products that are able to ward off some of these new threats. For example, Cylance Inc. develops anti-virus programs with Artificial Intelligence to prevent, rather than re-actively detect, viruses and malware, this is also referred to as “Next Generation Protection”. So, what else can you do to stay secure?

  1. Keep Your Systems and Software Up-To-Date: One of the most common ways hackers launch attacks? Exploiting vulnerabilities in operating systems and software that are out of date. Simply put, when technology reaches its End of Life or End of Support date, patches, bug fixes, and security upgrades automatically stop, putting your technology at risk for an attack. Educating your team about when and how to update software and systems can keep you safe. Our IT services team works to monitor when these End of Life/End of Support dates as well.
  2. Firewall installation: You will want a business firewall to keep your company data protected.  You can implement a firewall in either hardware or software form, or a combination of both. Your IT managed services provider can help you set this up and monitor it for success on an ongoing basis.  There are next-generation firewalls as well. Unified threat management (UTM) provides multiple security features and services in a single device or service on the network. UTM includes a number of network protections, including intrusion detection/prevention (IDS/IPS), gateway antivirus (AV), gateway anti-spam, VPN, content filtering, and data loss prevention, just to name a few.
  3. Encrypting Information: If a hacker can infiltrate your system, encrypting your files can make the information useless if it is stolen. Encryption is the most effective way to achieve data security because it turns your crucial information into code. To read an encrypted file, someone would need access to a secret key or password that enables them to decrypt it. BitLocker, Microsoft’s easy-to-use, proprietary encryption program for Windows can encrypt your entire drive, as well as protect against unauthorized changes to your system such as firmware-level malware. 
  4. Password Management: We’ve talked about this before, and we encourage you to create a password protocol for your company. Changing passwords often and ensuring the passwords are difficult to guess are two ways to protect yourself. You can read more about our password tips here.
  5. Image-Based Backups:  It’s important to be in a position to recover your environment with backups if you encounter a breach. At Five Nines, we use image-based backups to keep your business running. Image-based backups are just what the name states: an image of your entire operating system, rather than individual files on your PC. 

The purpose of multi-layered security is to stop cyber attacks on different levels, so they never reach the heart of your system and affect essential information. While it’s crucial to use anti-virus software, it cannot be your only line of defense. 

Have questions on how this affects your business? 


Topics: Security, IT, Managed IT Services, Cybersecurity, anti-virus

Cyber-Insurance:How It Can Save You Long-Term


It's likely you have insurance plans for all of the unforeseen circumstances in life: apartment fires, cell phone accidents and even getting sick. You may think of these plans as no-brainers, but have you considered whether you need the same insurance for your cybersecurity? 

According to a recent study completed by IBM in 2019, it’s estimated a data breach on average can cost a business roughly 3.9 million dollars. That number is still hard to pinpoint, given that many major companies may not report breaches due to PR concerns. Costs may vary for every business, but cyber-related security breaches are affecting organizations all over the world, large and small. 



A cyber-insurance policy, also referred to as cyber risk insurance or cyber liability insurance coverage, isn’t a tech solution, but it can be a fail-safe for your business when something goes wrong. A policy can help you decrease your risks by offsetting costs that are related to a cyber breach or event. 

There are a few aspects you need to discuss with your team, whether that’s your IT services provider or internal team, before purchasing cyber insurance and deciding what policy may best protect your organization:

  1. What it covers: Cyber insurance typically covers expenses related to first parties as well as claims by third parties. Common reimbursable expenses include: forensic investigations that were needed to determine what happened, remediation costs for recovering data and services, monetary losses due to business interruptions, required data breach notifications to notify customers and affected parties about the breach and even legal expenses associated with lawsuits or extortion. Your IT support team can also help you understand what it covers as well.
  2. Who needs it: If you have even a single computer in your organization, then you have electronica data or services that are important to your business operations. At Five Nines, we strongly believe that cyber insurance is a mandatory component of a complete business risk-management strategy.
  3. How to determine what you need: Consider how your business would be impacted if your data and IT systems were unavailable for a day or two. If you’re in a regulated industry, you likely have mandatory expenses if personal identification or health information is breached. Though it’s never recommended to pay the ransom if your data is held, the demand could be tens, hundreds or thousands of dollars – those costs can be colossal compared to a cyber insurance premium.

After you evaluate these areas, you should meet with an insurance agent to discuss coverage amounts, premium costs, and deductible or retention costs. Some providers have packaged ‘business policies’ with a small amount of cyber insurance included, but those coverage amounts are often far from adequate. While every business has different insurance needs, a few general indicators of a policy with good coverage are:

  • Look for a standalone cyber policy from a leading provider such as Chubb, Travelers, Hartford, Beazley, AXIS, Hiscox, Zurich, Liberty Mutual, or similar.
  • Consider a policy with a deductible/retention of $10,000 or more. Policies with lower deductibles may be an indicator of inadequate coverage or an excessively-high premium.
  • Line-item coverage limits should be in the hundreds of thousands or millions for specific cyber incident costs, such as Business Interruption coverage, Breach Notification and Remediation coverage, Crisis Management coverage, Extortion or Ransom coverage, and Data Restoration coverage.

    You won’t be able to 100% protect your company from cybercrime, but you can set yourself up for a best-case scenario ahead of time by obtaining cyber insurance. Take the first step by talking to your IT team to assess your insurance needs, then contact a reputable insurance provider to review policies.

    Need cyber insurance but don’t want to do it alone? Let’s chat.

Have questions on how this affects your business? 


Topics: Security, IT, Managed IT Services, Cybersecurity

The Difference Between Backups and Disaster Recovery — And How To Plan For Both


As business owners, we typically prefer not to think about what would happen if we suddenly lost all of our company’s data and crucial information through a breach or accident. With client trust on the line and possible lack of compliance with regulation, there’s major potential for disaster. Ignoring this is a blind spot that puts our business, and our customers in jeopardy. While IT support can help, we still have to be mindful of planning ahead. 

If you’ve been through a personal data loss with your own computer or phone, then you know there are often ways to restore information, but that still takes time and effort. And the “disaster recovery process” only goes smoothly if you’ve completed backups.



To take a step back, it’s important you understand there’s a distinction between a backup and what’s called “disaster recovery.” A “backup” is the process of creating an extra copy (or multiple copies) of data. You back up data to protect it. You might need to restore backup data if you encounter an accidental deletion, database corruption, or problem with a software upgrade.

Disaster recovery, on the other hand, refers to the plan and processes for quickly reestablishing access to applications, data, and IT support and resources after an outage. That plan might involve switching over to a set of servers and storage systems until your main data center is up and working again. Or, working with your IT support to develop more solutions. 

If you want your business to continue running smoothly after a breach or data loss, you have to have a master plan for recovery. Being from the state of Nebraska, we’ll use a simple football analogy to explain: If a quarterback fumbles the ball, how does the team pick it up as quickly and as efficiently as possible so they can make another touchdown? No teammate is pausing to ask each other, ”What should we do?,” they’re bobbing and weaving into the next play.

Remember, a backup strategy is different than your disaster recovery strategy.  Copying your data is the first step and creating a disaster recovery plan as an insurance that guarantees its recovery is the second one. To create your company’s disaster recovery game plan, what you should consider is the cost of downtime for your business (how long can you afford to be out of the game before your fans leave the stadium) and these three plays:

  1. How often are you currently completing back-ups without errors or exceptions? Include your personnel in the plan, your internal team members and your IT support, and determine how frequently backups should be performed, who will perform them and who will be on call to restore data in the event of an emergency. Also build a QA process into your plan to ensure the data that is backed up is consistent and free of errors.
  2. What are your data retention requirements? Backups are typically performed daily to ensure the data is retained. But, your team should consider what your RTO (recovery time objective) is in your overall plan, so there’s a baseline understanding of what the maximum amount of time is that YOUR business can be without IT systems.
  3. How would you recover if something happened? Would you have your IT support team ready to step in and help support new infrastructure if your hardware or resources became compromised? It’s important to consider the little details. How are you actually double checking the relevant data you need is backed up? Do you understand the type of files and whether that type needs to be backed up? What is your IT support team responsible for versus your internal staff? Building a complete disaster recovery plan means sitting down with your team and thinking about every scenario. 

By having a process in place, disaster recovery planning does become an integral part of your business’ IT strategy, and when you plan, you show your customers you truly care about keeping them safe too. 

Need help developing a disaster recovery plan and managing your backups? Let’s chat.

Have questions on how this affects your business? 


Topics: Security, IT, Managed IT Services, Cybersecurity

Strategic IT Planning for 2020


2020 is quickly approaching and it’s already time to start strategically planning to hit next year’s IT goals. Our rule of advice is that your team should sit down and map out your technical environment for the next 18 to 24 months, and set a 3-year budget that goes hand in hand with your strategic planning. You won’t know what you’ll need to spend until you do your homework, so here’s what matters when it comes to building a successful IT plan for 2020.




1. Identify what equipment is currently performing well versus what may need to be replaced.

This process is known as “IT asset management” and it typically involves gathering all of your company’s hardware and software inventory information and completing an audit. Your team will need to identify what needs to be replaced, what can be potentially reused and where the gaps are in your technology equipment. Your IT services provider can also help with an audit. You want to take note of how your equipment is currently performing, the age of the hardware and inventory all hardware or anything that has a renewal date such as a warranty, domain, or SSL certificate so you can budget for those costs as well.


2. Stay aware of end-of-life and end-of-support dates for your technology.

Your IT services provider should be alerting you about when these dates are fast approaching. To learn more about the difference between the two, you can read our previous post here. Essentially, end-of-support means that the product provider you work with has decided to no longer provide a support line. And, end-of-life date is a term used to describe when a product is no longer for sale. You should plan for both of these scenarios as businesses can experience compromised data security, decreased productivity, higher maintenance costs, non-compliance and problems with scalability.


3. Complete a risk assessment with your team.

Create a series of questions that assess your standards, guidelines and best practices and use the assessment on an annual basis to understand where the gaps were. Was there a data breach you weren’t technologically prepared for in 2019? Did you run into complications with equipment you’re currently using that cost you man-hours? Your team should look at what was effective and ineffective in your IT infrastructure. And, you can use cybersecurity standards such as NIST or ISO to understand what may be a priority for 2020 to protect your business.



4. Consider if you have the right tech talent on your team.

Whether it’s an IT services partner or an internal hire, decide who you need on your team to execute the strategy you’ve developed for your business. If you’re needing to bring in an external partner or new hire, you’ll want to include this cost in your overall budget and consider what the return on the investment may be.


5. Prepare a budget that prioritizes your company’s needs. 

Your IT services team can be a resource to rely on when deciding where you want to allocate your dollars. As we said, map out a 3-year budget to go with your strategic plan. Consider what the top priorities are, what you have coming up in your IT pipeline (new projects where IT may be key), pay increases for your IT talent and all of the equipment and renewals that may need to be replaced. Even getting vendor proposals and recommendations ahead of time can help you better estimate what you'll likely need to spend on initiatives. Your team should look at your overall business structure and make budgetary decisions based on how IT can sustain, protect or considerably decrease your bottom line. 

While we know this process of IT strategic planning can take time and energy, it's worth it to eliminate future headaches that may come from lack of preparation.  If you’d like to better understand how to plan for IT in 2020, we are here to help. Contact us today.


Have questions on how this affects your business? 


Topics: Security, IT, Managed IT Services, Cybersecurity