#managedservices

Tools of the Tirade

If you saw a hammer lying on the ground for the very first time, would you know what it was for or how to use it?  It’s very difficult to imagine you wouldn’t because it’s so ingrained in your mind.  The large flat face on one side is used for hammering in nails and the opposing claw is used for removing them.  Not much has changed in the design in thousands of years.

If you saw a drill lying on the ground for the very first time, there are several questions to consider before knowing what it is and how it works.  It could be a hand drill, a drill with a cord, or a drill with a battery pack.  Each is designed for the same purpose but knowing how to use them and use them effectively does take some level of research and education. 

My grandfather was a renaissance man, a master of carpentry, stonework, leather; you name it and he could design it, build it and repair it.  I spent hours of my childhood watching him ply his craft, asking questions and learning about tools.  He taught me the important principle of “measure twice, cut once” when woodworking.  His shop was full of every type of hand tool and serious power tools.  There was just enough room for a table saw, planer, lathe, drill press, band saw, grinder, router and more.  The two things my grandfather always taught me first were purpose and safety.  I must first learn the purpose of the tool and then how to use it properly and safely.  Using a drill to cut wood would be a misuse of its purpose and cutting wood without eye protection and ‘guards’ could result in a lost eye, finger or worse.

I realized later in life how great the value of this informal introduction and education would become when I became a homeowner and started the cycle of never-ending ‘projects’.  Many of the tools have changed with the advancement and power of batteries, but the purpose and safe use of the tools remained basically the same.

Technology-related tools are the same, yet different.  When first introduced to the concept of email, one first had to understand the purpose – to send information electronically and instantly, without the delays associated with mailing an envelope.  As email took off, safety was not in the conversation; it was all about speed and efficiency.  Sending documents across oceans saved days and dollars.  It wasn’t until much later that the dark side of viruses, scams, and basic maliciousness in email became commonplace and security was added to the ‘safety’ side of the equation.

As email progressed through the years, how we use it has stayed relatively the same, but the ‘look and feel’ has changed.  The send and receive functions remain the same, but they may appear differently based on the type and age of software being used.  The ‘look and feel’ in technology terms is referred to as the graphical user interface or GUI.  Every time the GUI changes in email I can plan on a call from my mother to help her find the Send, Receive and, most importantly, the Print buttons.  Even slight changes in the tool can throw her off, resulting in frustration and a decrease in productivity until she has become fully accustomed to the ‘new way’.

Today, there are thousands of technology tools at our disposal, which is a blessing and a curse.  There’s an ‘app’ for everything allowing tools to expand from the computer to smartphones and now watches.  What a cool thing!  I can send an email from my watch!  No way!  Literally, there is no way to use the new technology unless I take the time to learn how or have someone show me.  With all the advances has come complexity.

To make matters worse, vendors are in an arms race to develop and release new tools and improvements to existing tools at a blistering pace.  Take Microsoft Outlook for example.  Outlook has been around for years as a tool to consolidate email, contacts, calendars and tasks.  Once four separate tools, it became the Swiss Army Knife for basic business productivity.  Over the years, the look and feel GUI of Outlook has changed many times and with it the renewed requirement to learn what’s changed.  Where’s my send button?  Where’s my print button?  What’s the Junk Email folder?

With the evolution of tools has come a commensurate business expectation that you will become more productive.  After all, vendors are putting more power in the hands of users to do more than ever before.  But at what cost?  If tools are simply released without the benefit of understanding the purpose and how to use them safely, what are we really gaining?  In many cases it’s more business risk.  Random users can send sensitive private information anywhere without a thought and companies fall victim to crippling ransomware with a single click.

The pressure to do more, faster, with less is palpable.

So what to do?  When do we pause for a second before wielding the new sword to fully understand it?  A great case study is Microsoft Teams.  Anyone that has Microsoft Office 365 has probably received the annoying, uninvited popup message asking you to try Teams and to “Sign up for free”!!  Microsoft does this without warning, which can be not only irritating, but confusing.  Are you supposed to upgrade to Teams?  If you do upgrade, what happens?  What does it mean?

Don’t get me wrong, Microsoft Teams is a good product with many very helpful capabilities for improved collaboration.  But what is it?  I’m oversimplifying here for brevity.  Years ago, Microsoft had a product called Lync.  Lync was used to send instant messages, to make voice and video calls and hold meetings, and to send files and share your desktop.  In 2011 Microsoft acquired Skype to boost the global calling capabilities of the Lync product.  Almost overnight the Lync logo changed to the Skype logo.  Then Skype became Skype for Business, which allowed for more users, security, and the other things businesses would need.

Around this same time, Microsoft released Office 365 as the platform for hosting Microsoft Exchange email, Microsoft Office, Skype for Business, and others, all hosted directly by Microsoft.  As part of Office 365 came the Skype for Business logo.  Then in late 2018 the Skype for Business logo suddenly disappeared in favor of the Teams logo.  Now Teams is the standard ‘collaboration’ tool within Office 365.

That was a long way to go to get to Teams and why it keeps popping up on the screen requesting to be used.  The problem with this approach, as with any tool, is that it is asking, even begging, users to start using it without first understanding the purpose and how to use it safely.  Compounding the issue is Microsoft’s continual barrage of new products being added with no explanation as to what they are and why we should use them.

For end users, this is not only confusing, it can be very frustrating and dangerous.  If you run a business, you may have half your employees using Teams without your knowledge doing who knows what and the other half continually asking “what is Teams?”, “why does it keep popping up on my screen?”.  We are back full circle to the potential for employees to send sensitive private information insecurely without even knowing it.

The point is, tools are great and can really improve our lives in business and personally, but only if deployed and used in a controlled and planned manner.  Time must be invested to first understand the purpose of the tool, how and why it can improve employee productivity (value), and how to use it safely (reduce risk) with the proper amount of user education to ensure success.  It takes many slammed thumbs to drill a hole with a hammer.  Take the time to respect the tool enough to learn its purpose and responsible use before releasing it in the wild.

What are managed services?

As the world around us changes, so do the terms we use to describe things that have been around for decades.  This phenomenon is very noticeable in the political arena with the advent of changing terms to be “politically correct”.  I’m not going anywhere near political topics in this blog, but you get the point.

Terms are also changed in the business world, often by someone in marketing trying to put a new spin on an otherwise old subject.  One prominent example today is the cloud.  Cloud can mean a lot of different things to different people, but the basic definition is moving computer systems or software applications outside of your office or home into an offsite datacenter or datacenters.  Anyone using iCloud to store their photos or music is using the cloud.  However, cloud hosting is nothing new.  Software and systems have been housed offsite in datacenters for years.  In the 1980’s and 1990’s this type of service was often referred to as ‘offsite hosting’, ‘colocation’ or simply ‘hosted services’. 

Like cloud, managed services have been around for decades under different names.  Today, an entire industry has been built around managed services.  The companies that provide managed services are called Managed Service Providers or MSPs.  The term Managed Service Provider is most often used in the technology industry.  Gartner* defines Managed Service Provider as the following:


A managed service provider (MSP) delivers services, such as network, application, infrastructure and security, via ongoing and regular support and active administration on customers’ premises, in their MSP’s data center (hosting), or in a third-party data center. MSPs may deliver their own native services in conjunction with other providers’ services (for example, a security MSP providing sys admin on top of a third-party cloud IaaS). Pure-play MSPs focus on one vendor or technology, usually their own core offerings. Many MSPs include services from other types of providers. The term MSP traditionally was applied to infrastructure or device-centric types of services but has expanded to include any continuous, regular management, maintenance and support.


As usual in our field, the definition includes an overabundance of techno babble.  In a more generic sense, the definition of managed services is using a third-party company to provide a business process or service traditionally performed within the company using company employees and resources.

Managed service companies make money by charging monthly fees for the services they provide with the intent of providing a stable and predictable cost that can be budgeted for by the customer.  This is the “continuous, regular management, maintenance and support” in the Gartner definition.  In most cases, the monthly cost of managed services is far less and at a higher quality than attempting to hire and operate internally.

Before managed services, outsourcing, fractional services, and consulting were common synonyms used to define the service.  In my opinion, over time, primarily due to a small percentage of poor-quality providers, outsourcing and consulting were cast in a negative light with lower quality results and higher costs.  The industry needed to distance from the negativity and managed service provider was born.

However, managed services come with their own challenges.  The term can be very nebulous and generic to many in the business world.

At its core, managed services are about taking a business process or portion of a business process and hiring an external firm to provide those services and do so with higher quality, typically at a lower cost when compared to hiring a team of employees to do it internally.

Although Managed Services and Managed Service Provider are often attributable to the technology industry, the concept applies to the entire professional services industry.  Each of these services can be aligned to a business process needed by any company running a business.  The amount of ongoing need for a service is dictated by the type and size of the business itself.  Although many have not embraced using the managed services moniker for their services, the concepts are the same.  Some common groups of managed service providers include:

  1. Accounting

  2. Legal

  3. Marketing

  4. Advertising

  5. Human Resources (HR)

  6. Information Technology (IT)

Each group can have many specialty services within them.  Customers may have the option to choose the type and amount of managed service they need for their business.  Using the example above:

  1. Accounting

    1. CFO services

    2. CPA services

    3. Bookkeeping

    4. Month end close and reporting

    5. Accounts payable

    6. Accounts receivable

  2. Legal

    1. Contract creation

    2. Intellectual property

    3. Employee disputes

  3. Marketing

    1. Collateral creation

    2. Logo design

    3. Website design

    4. Writing copy

  4. Advertising

    1. Ad creation

    2. Ad purchasing

  5. Human Resources (HR)

    1. New hire processes

    2. Termination processes

    3. Payroll services

  6. Information Technology (IT)

    1. Helpdesk services

    2. Network management

    3. Systems and services management

    4. Security

    5. Cloud management

The customer has the choice to choose what service and amount is right for their business.  As a company that has provided technology services for the past 20 years, we have seen the ‘preferred’ terminology for what we do change from consulting to outsourcing to managed services.

At Fluid, our Managed Service Provider offering means we take over the day-to-day and ongoing technology needs of our clients, including managing their other vendors (often a pain point).  It is an all-inclusive plan purposely designed to alleviate the risk, stress, and pressure related to managing technology. 

From our clients’ perspective, our MSP plans simply mean someone else is handling all their technology needs and they can focus on running their business.  Our clients also know we will proactively keep them secure and provide advisory services to help ensure technology is being used to maximize productivity and align to their company business objectives.  In reality, we strive to help the company use technology to grow and make more money.

Whether it’s unlimited helpdesk support with excellent service and response time or complicated migrations of systems to the cloud, we have a relationship built on trust that allows our clients to lean on us while they run the business.  We manage their technology operations top to bottom as if we were an employee.

The most important metric we measure in relation to our clients is client satisfaction.  If our clients aren’t 100% satisfied with the service we provide, regardless of the type of task, we are letting them down.

Managed Services can be a very powerful tool when understood and used properly to enhance any company’s business.  If you want to learn more about Fluid’s managed service offering give us a ring or click here!

 

* Source: Gartner IT Glossary https://www.gartner.com/it-glossary/msp-management-service-provider

Breaking News: IT Can Actually Save Money

Headline: IT Saves Money for Company!

Wouldn’t it be great to see more headlines about the positives of IT rather than all the negative press about cyberattacks, privacy concerns and cost overruns?

If you are a small to mid-sized company, you are probably using one or multiple vendors for IT services and support (i.e. phone system, cable/network, internet, IT guy, etc.).  You may even have an internal “IT guy” or IT staff that works with one or more vendors to deliver IT services.

At Fluid, we state that we will not only provide excellent support services (which should be expected), but also provide valuable strategic IT services to help reduce IT costs, improve productivity, and implement technology that will support overall business objectives.  Unfortunately, companies have received poor support services for so long that they don’t believe there is any way money can be saved and productivity can be improved by working with an IT services partner.  Most businesses are used to the reactive support model, which often does not resolve the root cause of issues.  When a need arises, IT personnel fix the problem as quickly as possible so that users can do their jobs.  But the root of the problem is often ignored, and the same issue will usually occur again.

Go beyond the basic blocking and tackling

Providing quality support/helpdesk services is the basic level, and any IT services provider should be excellent at it.  But, beyond basic support, we see the real value in approaching technology strategically and proactively, and ensuring that the right people are focused on the right things.  Also, properly managing all third-party vendors on behalf of a company requires a balance of the right staff, the right skillset, and most importantly, an in-depth understanding of the business.  We’ve built our MSP business model on the premise of delivering on those promises.

Focus on the whole, not the parts

When working with technology vendors and partners, each one typically only focuses on their piece of the puzzle, never expanding beyond to see how it fits into the rest of the business.  Our approach is the opposite, which results in tangible benefits.  We take over the management of all third-party vendors to ensure that everyone is working towards singular goals that align with the overall business objectives.  Also, most companies don’t want to deal with other vendors, but their IT personnel don’t do it for them either.  I can’t count how many times I’ve heard C-level executives say “I don’t want to waste my time calling ABC vendor. I can’t understand all the technical jargon, and I don’t want to.”

Case Study: Saving money and adding value through strategic management

To understand the possibilities, here is a real business case:

One of our clients recently acquired another company.  As part of the acquisition, there were all the normal integration components, which required areas for optimization. But there were also other critical projects.  The company needed new cabling/wiring for all locations, as well as a new VOIP internet-based phone system, and upgraded internet service.  At each location, cabling, voice and internet service were each provided by a different vendor.

Most companies, in this situation, would allocate a staff member to manage all the vendors. The staff member may have some technical acumen, but not enough to truly know what to look for in order to manage each vendor effectively.

In our client’s case, as in most similar situations, all the vendors were dependent on the other for implementing their services.  The internet service had to be increased to meet the new phone system requirements, and the cabling had to be in place to provide the necessary “ports” or wall jacks for the phone system.  The number of total ports, in each location, drove the need for new networking equipment. 

As they should, our client wanted and expected that all the pieces would be done correctly so that they could walk in the office, and everything would be configured and working correctly.  The challenge is, every piece must be not only done correctly, but also timed in a way to minimize unnecessary ‘dead time’.

As their technology partner, we stepped in to manage all the vendors, and what we found was frightening.  The cable vendor had provided a quote for both locations based on a walkthrough with one of their staff.  They presented a quote that was over $20,000 for the job.  Once we evaluated it more closely, we found an abundance of new cables that were unnecessary.  This was not the fault of the cabling vendor; they were doing what they thought was right, based on what the staff member told them.  The staff member didn’t have the knowledge to understand the technical details and how things would work with the new phone system.

We saved our client over $25,000 on one project

We evaluated the cabling proposal and conducted calls with all other vendors, to ensure that everyone understood their piece and dependency on one another.  After our evaluation and walkthrough at each location, the cabling cost dropped from $20,000 to $6,000.  A substantial savings of $14,000 in one-time CAPEX cost.

We took the same approach with the phone vendor and the internet service provider.  Internet service providers (ISP) are always happy to sell you more bandwidth.  Again, like the cabling, the ISP worked with a staff member to determine the bandwidth required.  As before, the staff member lacked the necessary understanding to calculate what would be required.  Working with the phone vendor, we calculated what the maximum bandwidth usage could be. Then, we compared it with the actual usage reports, which allowed us to calculate a more accurate estimate of internet bandwidth needs.

Through our evaluation, we found that the company could start at a lower bandwidth level and confirmed that the bandwidth could be increased very quickly if necessary.  So, rather than buying more bandwidth than needed ‘just in case’, they were able to get what they needed with the ability to increase.  We ended up saving them over $500 a month in OPEX costs – which adds up to $6,000 per year.

We took the same approach with the phone vendor and found the number of handsets was too high, which resulted in additional savings in both one-time CAPEX and monthly OPEX.

Lastly, the additional cable drops and phone system required the purchase of new networking equipment to connect everything properly.  If the initial figures were used from the cabling and voice vendors, the company would have purchased more expensive networking equipment than necessary.  This also resulted in additional savings of over $5,000 in one-time costs.

The total savings were significant – over $25,000 in one-time costs and $1,500 in monthly costs

By working with and managing all vendors, we were able to help our client save a substantial amount, while also ensuring that each vendor would implement the right solution and do it correctly.  For a small to mid-sized business, spending money on technology can cause a major strain on finances.  Without our involvement and management, the company would have spent money it didn’t really have on solutions that would have been excessive and completely unnecessary.

Your Managed Services Provider can and should save you money and improve productivity

I’m sure other MSPs say they offer strategic services and can save you money, but we’ve found that the reality is very different.  Unfortunately, most MSPs don’t have the staff or skills required to manage all third-party vendors effectively.  Anyone can say they can do it, but can they prove it with actual numbers?

What you don't know CAN hurt you!

Cybersecurity continues to be a real problem for small to mid-sized (SMB) companies because they honestly believe it will not happen to them.  To make matters worse, in a recent article by Dark Reading, 51% of SMB leaders are convinced their companies are not a target for cybercrime.  You can read the article here.  With the large number of security incidents we respond to within the SMB community, it is very surprising and discouraging businesses continue to ignore cyber threats.

Small to Mid-Sized Companies Do Not Act Until AFTER They Have Incurred Multiple Cyber Incidents

Unfortunately, what we find is that companies take preventative action only after they have been hit multiple times.  You read that last line correctly.  We see companies have an incident, incur very large unplanned expenses to deal with it, and continue to 'do nothing' until they are hit again and again.  I have to believe this is primarily due to the lack of understanding of the real risk of cyber threats at a business level, coupled with it being a blind spot in business management - I don't know what I don't know.

The Security Industry is Partly to Blame

The cybersecurity industry is partly to blame for the lack of understanding and visibility in the business community because, as an industry, cybersecurity continues to communicate in very technical jargon and terms business owners and management simply cannot understand and do not have time to try and figure out.  This creates a disconnect between the business and the very solutions available to proactively address mitigating the risk related to cyber attacks.

If business owners were armed with information showing what is actually occurring within their business on a regular basis, communicated in terms they can understand, not only would they enable the experts to help remediate issues proactively, they would have detailed information on employee behavior and actual traffic moving in and out of the business.  Security reports provide extremely valuable and powerful information which can be used not only to thwart cyber threats, but also create and enforce general company policies on how business assets are being used.

You can see a sample report showing one month of actual data obtained from proactively deploying and monitoring security here: Security Report

I believe if business owners could SEE what is actually happening, they would be much more likely to address the very real cyber threat risk.  At a minimum, they would have to decide to do nothing knowing bad things really are happening.

 

Are You Prepared for a Cyberwar?

We make it our business to protect yours. Former white hat hacker Joshua Petty will be presenting the unexpected sources of security threats and how to defend yourself. In light of the recent global ransomware attacks, this information could prove invaluable. We think you should be there.

Fortinet is the largest security appliance vendor, and when partnered with Fluid IT Services you know that your information is protected. The topics over lunch will cover simple ways to harden your infrastructure, how to manage your security with minimal effort, and arming your staff to become more security conscious.

Space is limited, so register today to secure your place at the table. We look forward to your participation.

Tuesday, June 6, 2017 @12pm

Maggiano's Little Italy 6001 West Park Blvd.

What you can expect:
  • Security insights from the experts
  • Fine Italian dining
  • GOPRO giveaway with all the accessories to get you started


How 20 Minutes Can Save Your Business: 4 of 4

In my previous post, I promised 4 topics that if considered may make you re-think outsourcing IT.  We started with the specialized knowledge required to keep IT running smoothly for a business today.  No one (or two) person will have it all.  If you missed it, check it out here.  Next we covered the strategic role IT should play in your organization.  Here's #2.  In my third post, I covered reducing risk.  Sometimes we don't consider how much key-person risk we have in our businesses.  This post will help you consider that. Today, I'm going to focus on cost.

Reason #4 - Cost is King: Why Managed Services are MORE Affordable

For small businesses, costs are a critical measurement. The cost to maintain an internal employee’s technical acumen can be monumental. Salary, workers compensation, benefits, and payroll taxes are not cheap. Small companies do not have access to healthcare discounts that large enterprises can harness. Adding regular and expensive training for an IT staffer is a significant increase to those costs. Every course sponsored by your company makes an employee more valuable on the open market. Every course neglected creates risk for your business.

If you are making investments in hardware to maintain an on-premise environment, what happens in the event of an economic downturn? There is no better example than that of the ever-changing Oil and Gas industry. I have seen large infrastructure investments made during a growth period, followed immediately by a downturn. Many found themselves paying for hardware they can no longer utilize effectively.

All things considered, outsourcing IT is less expensive than the cost to maintain a full-time employee. If your industry is facing a downturn, a managed services agreement allows you to scale down. When you experience growth you can easily scale up. You gain access to a team of experts instead of relying on the expertise of one person or a small team. A recent Gartner study cited that 80% of small businesses would “realize significant savings from outsourcing e-mail management alone.” Imagine the savings in outsourcing other technology components.

Bottom line: If you own or operate a small business you should be evaluating IT outsourcing. A 20-minute conversation might just change your life.

 

How 20 Minutes Can Save Your Business: 2 of 4

In my previous post, I promised 4 topics that if considered may make you re-think outsourcing IT.  We started with the specialized knowledge required to keep IT running smoothly for a business today.  No one (or two) person will have it all.  If you missed it, check it out here. Today, I'm going to focus on the strategic support you get from the right IT partner.  IT should be a business enabler, not a cost center.  The right partner will provide that support.

Reason #2 - From Password Resets to Profit (Setting an IT Strategy)

If you currently have a full-time IT employee or team, how often do they approach executives to get input on how to better support the business using technology? Based upon experience, my guess would be not very often. Smaller IT shops typically do not have the time to keep all of their systems up to date (not to mention password resets, break/fix, email issues), much less consider how to make the technology profitable. The most valuable function an IT organization can provide is not just keeping the lights on, it is enabling the business to grow.

Outsourcing your IT to a managed service provider gives you access to consultants that will work to align technology with your business strategy. Some even provide virtual CIO services, such as planning a technology roadmap, developing an IT budget, and analyzing and reworking business processes.

How are you mitigating the risks associated with maintaining an IT environment? See our next installment on Reducing Risk.

 

How 20 Minutes Can Save Your Business (And Your Sanity)

You are busy, I get it. There is not enough time in the day for you to finish the tasks on your plate, much less extra time to evaluate new technology options. Whether you are part of a small internal IT team or your company has added IT maintenance to your ever-growing list of responsibilities, Fluid has you covered.  There are 4 key reasons to consider outsourcing IT that you may not have thought of in the past.  I'll cover these reasons in a 4-part series.  So if you have 20 minutes, read on and we might be able to change your IT life!

Reason #1 - Specialized Knowledge

I recently participated in a meeting with a potential managed services client whose IT staff consisted of two full time IT employees who both left the company unexpectedly. The reasons they exited are common in small business, though are not often considered in decisions regarding outsourcing. For one employee, the responsibilities were just too overwhelming and they could not handle the workload; the other believed that they did not have a vertical career path. Unfortunately, most small companies cannot afford IT employees with the depth and breadth of knowledge required to adequately run an entire IT environment. Many of the good ones don’t stick around because they are offered more money for their skills by larger companies. The damages left in the wake of their departure were systems and hardware that had not been updated in years, creating significant risk for this business and few options to resolve the issues quickly.

With the decision to outsource, you leverage the collective knowledge of a much larger IT organization. You receive the benefit of much broader coverage, access to expertise and skills you would not have otherwise, and reassurance knowing that critical systems will be maintained consistently.

Are you getting the strategic guidance that you need to grow your business? Check out the next installment on General Business Consulting.

 

Security Breaches: The Kiss of Death for Small Business

For romantics, a kiss signifies love, affection, or respect. Unless you receive the kiss of death, which signifies that your days are numbered. For small business, a cyber-security breach is the dreaded kiss of death. Here are some stats that’ll start your heart from recent studies from Property Casualty 360 and Small Business Trends:

- 62% of cyber-attacks are focused on small to medium businesses
- Only 14% of these businesses rate their ability to mitigate an attack as highly effective
- Average cost of a breach for a small business, including damage or theft of assets and disruption of normal operations, is slightly over $1.8M
- 60% of small companies will go out of business within six months after an attack

While it may be surprising that 60% of SMBs attacked will be out of business, once you understand the typical cost of a successful attack, it’s far less surprising.

So do small business owners just give up in the face of these threats? Nah, that’s not the way entrepreneurs roll. Most small businesses can outsource the mitigation of this risk for less than $1K per month, offloading both the risk and the time that it takes to manage a security solution. For a small business, this can be the difference between life or death, much like an insurance policy.

In the world today, it’s no longer a matter of IF your company will be hit by a cyber-attack, it is a matter of WHEN. The question that you should ask yourself is, “Do I have almost 2 million dollars to handle it retroactively, or does it make more sense to spend $1,000 per month to proactively protect my livelihood and my customers?”

For a frank discussion on cyber-security and ways to mitigate these risks, reach out to Fluid. We can help.


IT Security Framework for Accounting Firms

The AICPA released two sets of criteria for public comment this week (Sept 2016) regarding cyber security. Each focuses on different elements, but the common theme is the AICPA trying to develop a common framework for audit firms to evaluate the cyber security of their clients (risks and compliance). While this will prove to be very helpful, it got us thinking at Fluid: Do CPA firms themselves have a framework for their own security? Are CPA firms adequately protected from data breaches of their clients’ financial information? Are accounting firms prepared to react to and recover from a malicious threat that may cause data loss or temporarily impact the productivity of the team?

Data security is a pressing issue for CPA firms given the rising level of attacks and the sensitive financial data accountants work with. A few data points –

  • Over ½ a billion personal records were stolen in 2015
  • Phishing campaigns targeting employees rose 55% in 2015
  • Ransomware increased by 35% in 2015 (362K reported cases)
  • 1 in 220 emails sent contain malware (431M new malware variants found)

While developing your own cyber security framework may seem daunting given the rapidly shifting threats, the task at hand can be greatly simplified if you break it down into its component parts (and work with professionals). At Fluid, we support our clients in 4 primary areas that each firm must address to have a comprehensive security plan.

1) Compliance Management:

Does your firm understand all levels of compliance required given the data your firm interacts with? This can range from data retention compliance standards to data-center configuration standards. Often great compliance management starts with proper documentation, but relies on staff training and monthly monitoring to ensure/validate compliance.

2) Perimeter Management:

Think of your IT perimeter like the physical perimeter of a secure building. Are all entries and exits secured and guarded? Firewalls, cloud services, and email are major vulnerability points that should be managed and monitored for security purposes. BYOD and the proliferation of mobile devices have extended this perimeter, but these additional problems have solutions if they are approached systematically.

3) Vulnerability Monitoring and Threat Response:

You may know your weaknesses today, but that will change tomorrow; you need to monitor for attacks and have an active response if any attacks are detected. Much of this can be automated, but some expert oversight can make sure you don’t have any unintended gaps.

4) Cloud Backup and Disaster Recovery:

Even the best-run IT Departments may run into an occasional problem, ranging from accidental data loss to a malicious breach. We’ve found from our experience with clients that having a robust, offsite backup in a secure cloud environment can minimize the impact of most problems and greatly improve recovery times.

 

Whether you know it or not, your firm has ongoing IT activities in each of these 4 areas, which require ongoing focus and continual improvement – security is never ‘one and done’.

If you want to review your security practices, give us a call. We can help.