, , , ,

Are You Prepared for a Cyberwar?

, , , ,

We make it our business to protect yours. Former white hat hacker Joshua Petty will be presenting the unexpected sources of security threats and how to defend yourself. In light of the recent global ransomware attacks, this information could prove invaluable. We think you should be there.

Fortinet is the largest security appliance vendor, and when partnered with Fluid IT Services you know that your information is protected. The topics over lunch will cover simple ways to harden your infrastructure, how to manage your security with minimal effort, and arming your staff to become more security conscious.

Space is limited, so register today to secure your place at the table. We look forward to your participation.

Tuesday, June 6, 2017 @12pm

Maggiano's Little Italy 6001 West Park Blvd.

What you can expect:
  • Security insights from the experts
  • Fine Italian dining
  • GOPRO giveaway with all the accessories to get you started

Register Now

, , ,

How 20 Minutes Can Save Your Business: 4 of 4

, , ,

In my previous post, I promised 4 topics that if considered may make you re-think outsourcing IT.  We started with the specialized knowledge required to keep IT running smoothly for a business today.  No one (or two) person will have it all.  If you missed it, check it out here.  Next we covered the strategic role IT should play in your organization.  Here's #2.  In my third post, I covered reducing risk.  Sometimes we don't consider how much key-person risk we have in our businesses.  This post will help you consider that. Today, I'm going to focus on cost.

Reason #4 - Cost is King: Why Managed Services are MORE Affordable

For small businesses, costs are a critical measurement. The cost to maintain an internal employee’s technical acumen can be monumental. Salary, workers compensation, benefits, and payroll taxes are not cheap. Small companies do not have access to healthcare discounts that large enterprises can harness. Adding regular and expensive training for an IT staffer is a significant increase to those costs. Every course sponsored by your company makes an employee more valuable on the open market. Every course neglected creates risk for your business.

If you are making investments in hardware to maintain an on-premise environment, what happens in the event of an economic downturn? There is no better example than that of the ever-changing Oil and Gas industry. I have seen large infrastructure investments made during a growth period, followed immediately by a downturn. Many found themselves paying for hardware they can no longer utilize effectively.

All things considered, outsourcing IT is less expensive than the cost to maintain a full-time employee. If your industry is facing a downturn, a managed services agreement allows you to scale down. When you experience growth you can easily scale up. You gain access to a team of experts instead of relying on the expertise of one person or a small team. A recent Gartner study cited that 80% of small business would “realize significant savings from outsourcing e-mail management alone.” Imagine the savings in outsourcing other technology components.

Bottom line: If you own or operate a small business you should be evaluating IT outsourcing. A 20 minute conversation might just change your life.

 

,

How 20 Minutes Can Save Your Business: 3 of 4

,

In my previous post, I promised 4 topics that if considered may make you re-think outsourcing IT.  We started with the specialized knowledge required to keep IT running smoothly for a business today.  No one (or two) person will have it all.  If you missed it, check it out here.  Next we covered the strategic role IT should play in your organization.  Here's #2. Today, I'm going to focus on reducing risk.

Reason #3 - Taking the Stress out of Taking Vacation (Reducing risk)

What would happen if the only employee familiar with your IT environment resigns? Or just goes on vacation? What is the procedure when a server goes down in the middle of the night? Would anyone notice before business was disrupted the next day?

When a small company chooses to use a managed service provider, these questions are no longer relevant. You are not impacted by the loss of an employee or having to scramble when they go on vacation. If a business-critical system goes down, you will be notified and it will be handled quickly. If the power goes down on site your systems are not impacted (depending on your level/type of service). If your company is subject to compliance requirements, you don’t have to worry if you are meeting them. For many businesses, managed services provide peace of mind and value that more than compensate for the cost.

Have you taken a hard look at the cost of a full-time IT employee? Read the last of this series, Cost.

 

, , ,

How 20 Minutes Can Save Your Business: 2 of 4

, , ,

In my previous post, I promised 4 topics that if considered may make you re-think outsourcing IT.  We started with the specialized knowledge required to keep IT running smoothly for a business today.  No one (or two) person will have it all.  If you missed it, check it out here. Today, I'm going to focus on the strategic support you get from the right IT partner.  IT should be a business enabler, not a cost center.  The right partner will provide that support.

Reason #2 - From Password Resets to Profit (Setting an IT Strategy)

If you currently have a full-time IT employee or team, how often do they approach executives to get input on how to better support the business using technology? Based upon experience, my guess would be not very often. Smaller IT shops typically do not have the time to keep all of their systems up to date (not to mention password resets, break/fix, email issues), much less consider how to make the technology profitable. The most valuable function an IT organization can provide is not just keeping the lights on, it is enabling the business to grow.

Outsourcing your IT to a managed service provider gives you access to consultants that will work to align technology with your business strategy. Some even provide virtual CIO services, such as planning a technology roadmap, developing an IT budget, and analyzing and reworking business processes.

How are you mitigating the risks associated with maintaining an IT environment? See our next installment on Reducing Risk.

 

, , ,

How 20 Minutes Can Save Your Business (And Your Sanity)

, , ,

You are busy, I get it. There is not enough time in the day for you to finish the tasks on your plate, much less extra time to evaluate new technology options. Whether you are part of a small internal IT team or your company has added IT maintenance to your ever-growing list of responsibilities, Fluid has you covered.  There are 4 key reasons to consider outsourcing IT that you may not have thought of in the past.  I'll cover these reasons in a 4-part series.  So if you have 20 minutes, read on and we might be able to change your IT life!

Reason #1 - Specialized Knowledge

I recently participated in a meeting with a potential managed services client whose IT staff consisted of two full time IT employees who both left the company unexpectedly. The reasons they exited are common in small business, though are not often considered in decisions regarding outsourcing. For one employee, the responsibilities were just too overwhelming and they could not handle the workload; the other believed that they did not have a vertical career path. Unfortunately, most small companies cannot afford IT employees with the depth and breadth of knowledge required to adequately run an entire IT environment. Many of the good ones don’t stick around because they are offered more money for their skills by larger companies. The damages left in the wake of their departure were systems and hardware that had not been updated in years, creating significant risk for this business and few options to resolve the issues quickly.

With the decision to outsource, you leverage the collective knowledge of a much larger IT organization. You receive the benefit of much broader coverage, access to expertise and skills you would not have otherwise, and reassurance knowing that critical systems will be maintained consistently.

Are you getting the strategic guidance that you need to grow your business? Check out the next installment on General Business Consulting.

 

, , ,

Security Breaches: The Kiss of Death for Small Business

, , ,

For romantics, a kiss signifies love, affection, or respect. Unless you receive the kiss of death, which signifies that your days are numbered. For small business, a cyber-security breach is the dreaded kiss of death. security metrics 2.0Here are some stats that’ll start your heart from recent studies from Property Casualty 360 and Small Business Trends:

- 62% of cyber-attacks are focused on small to medium businesses - Only 14% of these businesses rating their ability to mitigate an attack as highly effective - Average cost of a breach for a small business, including damage or theft of assets and disruption of normal operations is slightly over $1.8M - 60% of small companies will go out of business within six months after an attack

While it may be surprising that 60% of SMBs attacked will be out of business, once you understand the typical cost of a successful attack, it’s far less surprising.

So do small business owners just give up in the face of these threats? Nah, that’s not the way entrepreneurs roll. Most small businesses can outsource the mitigation of this risk for less than $1K per month, offloading both the risk and the time that it takes to manage a security solution. For a small business, this can be the difference between life or death, much like an insurance policy.

In the world today, it’s no longer a matter of IF your company will be hit by a cyber-attack, it is a matter of WHEN. The question that you should ask yourself is, “Do I have almost 2 million dollars to handle it retroactively, or does it make more sense to spend $1,000 per month to proactively protect my livelihood and my customers?”

For a frank discussion on cyber-security and ways to mitigate these risk, reach out to Fluid. We can help.

[gravityform id="1" title="true" description="true"]

, , ,

Don't let bureaucracy slow down your cyber security program

, , ,

Fluid Security FrameworkBusinesses don’t have the time, budget or skills to adequately cover and mitigate all the very real security risks that could take them out of business at any time.  Nor do companies want to hire full time staff just to manage security. In a new global report from the Center for Strategic and International Studies along with Intel Security, the importance of senior leadership supporting cyber security implementation is made crystal clear. Here's a great summary of the report from Help Net Security: Attackers thrive in a fluid market, while bureaucracy constrains defenders.

Fluid handles this by providing a comprehensive layered approach to security for the entire organization, creating a security fabric to cover it all – Security-as-a-Service.

It’s not a matter of if but when you will have a security incident.  Be prepared.  Be proactive. Be responsive.  Be responsible.  If you would like to learn more about Fluid’s Security-as-a-Service offering, please contact us.

 

, ,

Understanding Office 365

, ,

fluid-office-365I recently asked a very savvy business colleague the question “What is Office 365 to you?”  Their response was “Outlook”.  This is very surprising and telling because it comes from someone who has been using Office 365 for over a year! Ever since Microsoft launched Office 365 on June 28, 2011 (yes, it is already 5 years old!), there has been tremendous confusion in the marketplace about what really is Office 365.   Five years later and there is even more confusion and misunderstanding.  Whether you are a single consumer or a 500 employee company, I find a tremendous gap in what people think Office 365 is versus what it really is and can do.

There are over 85 Office 365 product SKU’s!

Although the person I questioned may be using Office 365 for just email and Outlook, it is something far greater; basically an entire ecosystem of solutions that can be catered for your specific needs.  Further complicating the matter, the Office 365 ecosystem continues to grow, with new offerings added all the time.  For example, Dynamics 365 was recently released this fall.

Office 365 has different product licensing and pricing for consumer, corporate, government and academic user types.  Certain Office 365 products are available if you have 300 employees or less, which are not available once you cross that threshold.

The core basic concept and offering of Office 365 is the bundling of mainstream Microsoft products with the bundles defined to meet specific user and/or company needs.

You can buy pre-bundled packages

For a small company, you can buy packages based on your specific needs.  For example –

  • Office 365 Business Essentials – for companies that need email and file sharing, but don’t need Microsoft Office, this package includes only Exchange Outlook email, OneDrive Business, Skype for Business, and Team Sites (SharePoint)
  • Office 365 Business – for companies that need the MS Office suite, but don’t need email, this package includes Outlook (no email, OneNote, Word, Excel, PowerPoint, Publisher and OneDrive
  • Office 365 Business Premium – for companies that need both email and the MS Office suite, this package includes Exchange Outlook email, OneNote, Word, Excel, PowerPoint, Publisher, Skype for Business, Team Sites (SharePoint), and OneDrive

However, these packages are only available to companies with less than 300 employees.  If there are 300+ employees you must uses the ProPlus or Enterprise editions, which also have multiple bundled package offerings.

The Enterprise level also provides additional software solutions, such as –

  • Microsoft Access
  • Skype for Business voice capability
  • Power BI business analytics

 

You can add-on numerous individual products incrementally

Additional Microsoft solutions and products may be added incrementally to an Office 365 account based on specific business needs.  These may include services such as –

  • In-Place Hold to preserve deleted and edited emails for legal requirements
  • Hosted Voicemail
  • Data Loss Prevention to help identify, monitor and protect sensitive data, such as PII and PCI
  • Offsite backup of laptops/desktops using OneDrive
  • Microsoft Project Pro for Office 365
  • Microsoft Visio Pro for Office 365
  • Azure cloud services
  • Intune mobile device management
  • Sway (how many of you have even heard of this product?!)

Had enough yet?!

Did you know OneDrive is now robust enough that it could replace other mainstream solutions such as Box.com and Dropbox at a fraction of the cost?  Or that you can backup server data offsite using Azure with your Office 365 subscription?

This short article should make it clear that Office 365 is a very robust set of solutions, but equally as complicated to understand.  It’s no wonder, when asked, many think of Office 365 as black hole with no hope of understanding it all.  The good news is you don’t have to, but you do need to know to ask for help.  It’s amazing how many people and companies do not know where to go for help or know but don’t ask.

Fluid is one of a few Microsoft Cloud Solution Provider (CSP) Partners, which means we not only have expertise in Office 365, we provide end-user support directly.  We can also help educate you on the best fit for your needs, as well as provide end-user training on the Office 365 products you already have to ensure you are maximizing the value of the solutions.

If you need help with Office 365, call Fluid today!

, , ,

IT Security Framework for Accounting Firms

, , ,

The AICPA released two sets of criteria for public comment this week (Sept 2016) regarding cyber security. Both focus on different elements, but the common theme is the AICPA trying to develop a common framework for audit firms to evaluate the cyber security of their clients (risks and compliance). While this will prove to be very helpful, it got us thinking at Fluid: Do CPA firms themselves have a framework for their own security? Are CPA firms adequately protected from data breaches of their client’s financial information? Are accounting firms prepared to react to and recover from a malicious threat that may cause data loss or temporarily impact the productivity of the team?

Data security is a pressing issue for CPA firms given the rising level of attacks and the sensitive financial data accountants work with. A few data points –

  • Over ½ a billion personal records were stolen in 2015
  • Phishing campaigns targeting employees rose 55% in 2015
  • Ransomware increased by 35% in 2015 (362K reported cases)
  • 1 in 220 emails sent contain malware (431M new malware variants found)

While developing your own cyber security framework may seem daunting given the rapidly shifting threats, the task at hand can be greatly simplified if you break it down into the components parts (and work with professionals). At Fluid, we support our clients in 4 primary areas that each firm must address to have a comprehensive security plan.

1) Compliance Management:Fluid Security Framework

Does your firm understand all levels of compliance required given the data your firm interacts with? This can range from data retention compliance standards to data-center configuration standards. Often great compliance management starts with proper documentation, but rely on staff training and monthly monitoring to ensure/validate compliance.

2) Perimeter Management:

Think of your IT perimeter like the physical perimeter of a secure building. Are all entries and exits secured and guarded? Firewalls, cloud services, and email are major vulnerability points that should be managed and monitored for security purposes. BYOD and the proliferation of mobile devices has extended this perimeter, but these additional problem have solutions if they are approached systematically.

3) Vulnerability Monitoring and Threat Response:

You may know your weaknesses today, but that will change tomorrow; you need to monitor for attacks and have an active response if any attacks are detected. Much of this can be automated, but some expert oversight can make sure you don’t have any unintended gaps.

4) Cloud Backup and Disaster Recovery:

Even the best-run IT Departments may run into an occasional problem, ranging from accidental data loss to a malicious breach. We’ve found from our experience with clients that having a robust, offsite backup in a secure cloud environment can minimize the impact of most problems and greatly improve recovery times.

 

Whether you know it or not, your firm has ongoing IT activities in each of these 4 areas, which require ongoing focus and continual improvement – security is never ‘one and done’.

If you want to review your security practices, give us a call. We can help.

, , ,

DNC That Coming! Email Security for Your Business

, , ,

I was sitting down to write a blog on security, focused on some of the latest data published regarding how IT security impacts small to medium businesses and before I could begin I was lobbed a softball by the Democratic National Convention – a leak (breach) of Democratic Party emails last weekend allegedly conducted, or at least backed, by Russia.

So what happened?

“On Sunday, Hillary Clinton’s campaign manager, Robby Mook, accused Russia of working through hackers to access 19,000 emails at the Democratic National Committee that were dumped into the public domain last Friday by WikiLeaks. The emails showed DNC staffers working to help Clinton’s campaign during her primary fight against Bernie Sanders, despite the DNC’s publicly neutral stance,”*

Why is it important?

We’re an IT Services and IT Security Company, so we’ll try to leave politics aside for this blog. In that spirit, what can we learn from an IT perspective from the leak?

 

Email isn’t just communication, its valuable personal and corporate data

Sometimes we separate email from other corporate data, but that’s a mistake. In a typical company email system, hackers could potentially find information on corporate strategy, personally identifying information, financial information, IT system passwords, and other information that could help in further attacks through phishing, etc. Our email isn’t just communication, it’s data that needs to be protected.

While these hackers weren’t looking for credit card numbers in the DNC email, they did learn (and expose) a lot of information about strategy, tactics, and plans that were certainly not intended for the public. In the 19,000 emails, how much personally identifiable information (PII) was present? PII in security speak, within the thousands of emails there could be the need for risk mitigation and damage control, not to mention the potential for law suits and other fines.

 

Not all email is secure, use encrypted email for sensitive information

Many people still “trust” email as a secure communication method and willingly share private information such as credit card numbers, social security numbers, healthcare information to name a few. In the hands of the wrong people that can be very dangerous and costly many people. Email is not secure by default and must be encrypted prior to sending to have proper security for sharing any private information. If you’ve ever received an email from your doctor or financial institution that sends you to a website to login to read your email, that is a secure, encrypted email.

 

Security experts are giving you plenty of warning. The time to listen is now.

Security experts have been beating the drum for a while now – cyber attacks are growing at an alarming rate and frequently the target is shifting to small businesses. Another troubling aspect of this breach is that “Federal investigators tried to warn the Democratic National Committee about a potential intrusion in their computer network months before the party moved to try to fix the problem, U.S. officials briefed on the probe tell CNN.” If true, and the FBI warned the DNC and they did not act, it creates a massive problem for the DNC leadership and their credibility. Action in fact was swift as the DNC Chairwoman, Debbie Wasserman Schultz, announced her resignation on Sunday. Further evidence showed “The DNC brought in consultants from the private security firm CrowdStrike in April. And by the time suspected Russian hackers were kicked out of the DNC network in June, the hackers had been inside for about a year.”**

A year! That is a long time to be gathering data and suggests more is likely to be leaked. In fact, WikiLeaks founder Julian Assange virtually has already stated as much. All those emails, all that data is still out on the public domain where anyone with access to the internet can see them.

Federal Investigators may not be calling you with warnings about your small business, Security experts have been beating the drum for a while now – cyber attacks are growing at an alarming rate and frequently the target is shifting to small businesses. It’s time to listen to the experts and take basic steps to protect your company.

 

Borders don’t protect your company in cyber attacks

It’s being reported that these attacks came from Russia. Borders can’t protect us from the rest of the world when it comes to cyber attacks. Prosecution and restitution for damages caused by an attack is not going to happen. As an example, once funds are extorted into a foreign country through ransomware, consider it gone with no recourse.

For your business, the foreign nature of attacks is alarming due to the lack of accountability and prosecution, for the DNC breach, the motivation and ability to influence our country’s political process is very alarming.

It’s been stated that the intent was to expose DNC members that used email to sway people to one candidate over the other, something that fundamentally against the DNC charter. Was this done to just embarrass the DNC or was it a wider sweeping intent to impact our actual Presidential election process in November? If it was in fact Russia, did they do this to make the DNC look unscrupulous in hopes to sway voters to the other Party? The repercussions are HUGE – potentially impacting the outcome of who will be our next President!

Protect yourself!

Some simple steps could have avoided this disaster or at least mitigated it. Just a few things to consider as you run your business –

  1. Robust IT security monitoring and management to proactively detect malicious attacks
  2. Defined governance process and procedures to define what is and is not acceptable
  3. Employee training programs on what to look for, what to NOT put in email
  4. A defined Security Response Procedure to act quickly and decidedly if attacked
  5. Take any warnings seriously and address them now

If you can’t check each one of these off your list, call us and we’ll make sure you can. And don’t be surprised when a new wave of hacked emails is made public.

 

*https://www.yahoo.com/news/chris-van-hollen-russian-dnc-000000889.html

**http://www.cnn.com/2016/07/25/politics/democratic-convention-dnc-emails-russia/index.html

, , ,

5 Data Security Tips for Accounting Firms

, , ,

cloud securityFrom working hand-in-hand with our CPA firm, Accounting services, and Bookkeeping clients over the years, we know a thing or two about data security and how best to protect your firm from data losses or data breaches.  In today’s world, accounting firms must do everything they can to protect their client’s sensitive financial information.  We’ve pulled together a few best practices for you to keep in mind.  

1) Assess your current data protection and security levels

If you never measure your security performance, you never know if your network and data are secure or not.  That is, until you learn from a breach or malicious virus that you had poor security after all.  We recommend an outside firm provide an annual security assessment and review.  You may not have the time or budget to implement all suggestions, but at least you will know your weaknesses and you can develop a plan to improve over time.

 

2) Physical security, Information Systems Policies

Your network can be bullet proof to hackers and your data encrypted, but if your team isn’t trained or your office isn’t physically secure, your data is still at risk.

  • Ensure the physical security of your office with card keys, visitor logs and badges, and proper locks on doors leading to all critical infrastructure.
  • Use cable locks to ensure laptops, desktops, tablets, and any other critical devices are locked to desks.
  • Policies for each employee
    • Clean desk (no sensitive information left on desks, whiteboards or print stations)
    • Password policies that define the proper construction and maintenance of passwords
    • Acceptable use for utilizing company data and technical assets
    • Mobile device policies to help employees understand the risks associated with mobile devices
  • Keep users informed and accountable
    • Training classes are great vehicle for delivering written policies and procedures
    • Weekly (or even monthly) information security newsletters can help remind users of the importance of information security, as well as provide updates on the latest trends and threats.

 

3) Secure technology solutions

This is the sweet spot.  We feel you need to start from the outside and work toward each user device to implement proper security.

  • Are your cloud vendors PCI compliant? It’s a great standard that can generally be trusted.
  • Follow best practices when setting up office infrastructure
    • Place a business grade firewall at the front of the network that is supported and continually updated
    • Ensure WiFi networks use strong passwords and encryption protocols. Keep guest networks separate from internal networks.
    • A business-grade Anti-virus solution for all PCs
    • Standard email defense software
  • Do you know what compliance regulations your business or your customer’s business requires you to have?

 

4) Automated backup and disaster recovery

What if you are hacked or a malicious virus infects your system?  If major financial institutions or fortune 500 companies have some vulnerability, you probably will to (even if you follow some of these tips).

Can you recreate lost data or data held hostage by a malicious virus?  Do you conduct a periodic test of your data backups to confirm their validity?  Do you have multiple layers of backup – local, onsite, offsite?

A good, up-to-date backup or disaster recovery solution can be your “get out of jail (almost) free” card if you run into a problem.

 

5) Address your BYOD policy and it’s security implications

The use of personal devices on a company network to handle client data is always one of your largest security concerns.  If you allow company data on personal devices, there are some steps you can take to limit the security vulnerabilities this may cause.  Here are a couple of ideas:

  • Have a policy in place that states when it is acceptable to use personal devices for work purposes. If it is acceptable, provide guidelines to help employees understand the risks of using personal devices for business purposes.
  • Have a mobile device management (MDM) solution deployed to help manage all company data on personal devices.

 

The cost of proper security, if done proactively, will generally be much cheaper than the cost of a data breach or work stoppage from an IT problem.  Your firm can work on some of the solutions on your own.  A proactive IT partner like Fluid IT Services can help you with the rest.  Give us a call and we’ll help you out!

Billions Lost to CEO Email Scams

internet security conceptI am emailed hundreds of articles and blogs every day, and although 80% may not be of particular interest, there is always a nugget or two worth reading. Today was no exception, and I received one that particularly caught my eye. Posted this morning: April 16, 2016 written by Brian Kebs from www.KrebsonSecurity.com was the very eye-catching title –

"FBI: $2.3 Billion Lost to CEO Email Scams."

As a CEO and one that receives at least two to three scam emails that make it past our email defense, this one really hit home. As I read the article, it became eerily apparent that our company had been hit by this scam many times over the past four months. It made me think if our little company has been hit that many times, how many of my other CEO friends have been or may be hit shortly? This is my small attempt to spread the word and hopefully help someone avoid a costly and embarrassing disaster.

Here's how it basically works –

  1. Staff in your financial department, typically the CFO, controller, etc. receive an email directly from the CEO’s legitimate email account asking to authorize a wire transfer of funds.
  2. The CEO being very busy and authorizing many transfers to run a business quickly sees the email and answers ‘yes’ assuming it must be legitimate since it came from your inside CFO.
  3. The CFO then provides the wiring instructions, and the amount is transferred to the bad guys.

In the blink of an eye, your company is out thousands if not millions of dollars. Although you might think a request like this would raise red flags, it is very brief and includes names that are all legitimate within the company. Furthermore, it is very common for CEO's to authorize wires through the course of normal business. I authorize a minimum of two to three a month.

Taking an excerpt from Krebs excellent article –

The U.S. Federal Bureau of Investigation (FBI) this week warned about a “dramatic” increase in so-called “CEO fraud,” e-mail scams in which the attacker spoofs a message from the boss and tricks someone at the organization into wiring funds to the fraudsters. The FBI estimates these scams have cost organizations more than $2.3 billion in losses over the past three years.

In an alert posted to its site, the FBI said that since January 2015, the agency has seen a 270 percent increase in identified victims and exposed losses from CEO scams. The alert noted that law enforcement globally has received complaints from victims in every U.S. state, and in at least 79 countries.

A typical CEO fraud attack. Image: Phishme

The FBI estimates that organizations victimized by CEO fraud attacks lose on average between $25,000 and $75,000. But some CEO fraud incidents over the past year have cost victim companies millions — if not tens of millions — of dollars.

Last month, the Associated Press wrote that toy maker Mattel lost $3 million in 2015 thanks to a CEO fraud phishing scam. In 2015, tech firm Ubiquiti disclosed in a quarterly financial report that it suffered a whopping $46.7 million hit because of a CEO fraud scam. In February 2015, email con artists made off with $17.2 million from The Scoular Co., an employee-owned commodities trader. More recently, I wrote about a slightly more complex CEO fraud scheme that incorporated a phony phone call from a phisher posing as an accountant at KPMG.

The FBI urges businesses to adopt two-step or two-factor authentication for email, where available, and to establish other communication channels — such as telephone calls — to verify significant transactions. Businesses are also advised to exercise restraint when publishing information about employee activities on their Web sites or through social media, as attackers perpetrating these schemes often will try to discover information about when executives at the targeted organization will be traveling or otherwise out of the office.

As you can see in the email image above, it looks very innocuous and legitimate. My accounting team has received this very email from me at least 4 times in the past few months. Thankfully, they know better and we have two-factor authentication, as suggested in the article. Once we request a transfer, there is a second step required that only I can do with information only I would have.

In talking to our in-house security expert, this type of scam is actually not called phishing but whaling because it targets a much smaller number of high profile individuals with access to larger sums of money.

I encourage you to share this information with your accounting team as well as your clients where appropriate. It is deceptively simple to fall for, and I know at least two of my CEO friends that were literally one button click away from transferring over $60,000 before they did the last second double-check and avoided the disaster.

You can read the full article here –

http://krebsonsecurity.com/2016/04/fbi-2-3-billion-lost-to-ceo-email-scams/

 

 

Why Is My Office WiFi So Slow?

Most offices use WiFi today to provide alternative Internet access for staff and visitors. It can be very frustrating when WiFi performance becomes a problem – especially when WiFi speeds are no longer fast enough to meet business needs. Read on to diagnose your slow WiFi, and learn exactly how to speed it up.

How WiFi Works

To figure out why your WiFi may be slow, it helps to have a basic understanding of how WiFi works.

WiFi speeds are directly related to the underlying Internet service speeds provided by your Internet service provider (ISP). If your Internet service has a maximum speed of 5 Mbps, then your maximum WiFi speeds can only be 5 Mbps – and realistically, WiFi speeds will typically be slower.

WiFi is always less reliable than wired Internet access because of the inherent limitations related to wireless technology.

As the density (number of devices accessing WiFi) of a wireless network increases – not only in your office space but also in the surrounding spaces – the quality of your WiFi connection can decrease. Here is a normal scenario that plays out in offices all the time:

You start an office with five employees, who bring smartphones, laptops, and tablets that connect to your WiFi. There are no other tenants in the office spaces around your suite.

Over the next 12 months, you increase to 15 employees who connect to WiFi. Now all the surrounding office suites are also occupied, and each of those offices have 5-10 people accessing WiFi.

You decide to allow your guests to access WiFi, and you provide them with a guest password.

At this point, the WiFi density has increased dramatically and everyone is vying for the same wireless frequencies. Even though the other office suites are on different ISPs, the Internet is being broadcast over the same frequencies and everyone is sharing those frequencies.

It’s hard to catch this gradual increase in usage in your own office – but it’s even harder to notice it in the offices that surround yours. But this overall increase in WiFi usage is going to deteriorate your WiFi performance – and the technical setup that used to work for your business may now needs some upgrades.

The Limitations of WiFi

Businesses and WiFi users often expect WiFi to do more than it can do, too.

You may want to use tablets throughout your building, or wirelessly access software in the cloud while also doing VOIP (voice over the Internet) calls. While these things are technically possible, the WiFi performance will likely be poor. As you move around, you may enter dead zones (areas where the WiFi signal is poor). Also, the basic technical limitations of VOIP solutions ensure that wireless Internet calls are not going to deliver the same consistent quality that you’ll experience from a wired Internet connection or a landline phone (though this technology is improving quickly!).

More companies are also wanting to provide better WiFi access for their guests, who are often important customers. This is a great idea – but it does put additional pressure on the WiFi service. The more guests you have using your WiFi service, the less WiFi service is available for your internal staff.

How to Speed Up Your WiFi

So what’s a modern business to do?

Here are five tips:

  1. Have your IT service provider perform a detailed wireless assessment of your office space. Doing so will tell you
    1. The density of usage in your office and surrounding spaces
    2. What areas in the office have poor coverage
    3. What frequencies are used and how much
  2. Based on the wireless assessment, have your IT team make improvements by adding or moving wireless access points (WAPs) to cover dead zones. They can also fine-tune WAPs to use the frequencies with the best coverage.
  3. Cap your guest WiFi. First, make sure you guest WiFi network is secured by its own password. Then, segment it from the company WiFi with a “cap” configured to keep guest users from hogging all the WiFi bandwidth. For example, if you have 5 Mbps total bandwidth available, cap the guest WiFi to use no more than 1 Mbps to ensure employees always have the bandwidth they need to do their jobs.
  4. Evaluate how your office is using WiFi to confirm your current setup can actually meet expectations. If you are asking it to do too much, you should lower your expectations accordingly.
  5. If you have done all of the above and still want/need better service, go to your ISP and ask them to provide options and pricing for an increase in service. Going from 5 Mbps to 10 Mbps doubles the available bandwidth for everyone to use – and that includes WiFi.

In most cases, the best approach to increasing your WiFi speed is to educate yourself. Find out how your office is using WiFi and confirm what is actually possible with your current setup.

The smartest way to do this is to get a wireless assessment. We perform this assessment using very specific hardware and software tools. Once you’re armed with this information, you can figure out exactly what to do to improve your WiFi performance.

Does Overseas IT Support Really Work?

As an IT services company, this is a question we get all the time: Will offshore or overseas support work for our business?

It’s a legitimate question, and one that deserves a thorough answer because overseas IT support can be a very effective cost-saving measure.

The Growth of the Overseas Outsourcing Trend

Many years ago, large enterprises started outsourcing their IT services and support overseas to save money. Pretty soon, this practice spread into small and medium businesses and throughout every business segment. Initially, this outsourcing did exactly what it was supposed to do: it provided necessary IT support while saving the company money.

The problem that businesses began to face, however, was a dramatic decline in the quality of service and support. Sure, companies were saving money, but they were driving customers away because those customers would not tolerate the drop in quality of service.

Overseas support also caused the practical issue of language barriers. Strong accents made even simple communication very frustrating. This is a touchy issue that many people don’t want to discuss, but it’s a very real business problem. This is not an indictment of the overseas support people’s skills or abilities at all – it’s just a reality when two very different languages and business cultures are trying to communicate.

More than likely, you have experienced this yourself when you call for support for one of the products you own. I sure have. Every time I call AT&T for support with my home telecommunications services, it is a frustrating experience. Because the AT&T support representative on the other end of the line has a thick accent, the call takes two or three times as long as it should. We spend so much time trying to understand each other – and often I don’t get the resolution I need.

It’s no wonder many business owners and managers hesitate when it comes to outsourcing their support needs to overseas teams.

But. But! There are cases where overseas IT support can work.

When Outsourcing IT Support Overseas May Be the Right Move

When the support role requires limited interaction with staff and end-users, it can work well for businesses. This is especially true when the role is very technical.

Software development is a perfect example. This can easily be done by someone overseas at a fraction of the cost of local U.S. support. As long as the software support process is clearly defined and the technical requirements and specifications are detailed.

When outsourcing to overseas support is successful, these support resources end up costing the business less money, of course. But there’s a second benefit many companies don’t consider: the time zone difference.

Time zone differences are often an issue in real-time business operations. But with non-urgent technical support, it can be a good thing. If your support team is 8-12 hours different from your local time, and you log a support request during your workday, the support team will be working on that request while you sleep. So when you come into the office the next day, you should have an answer waiting.

When Offshore IT Support Fails

The more a support person has to interact with your staff or end customers, the more challenging it becomes – and the more the quality of service declines.

We have tried using overseas IT support for our clients, so we know this from experience. We had to pull the plug a few months in because the support didn’t meet our quality-of-service expectations.

However, we do still use overseas support for some internal tasks that do not require direct interaction with customers and do not require extensive interaction with our internal team.

The Answer Is: It Depends

In my experience, the likelihood that offshore IT support services will work for your business is directly related to the amount of interaction required.

The higher the interaction level, the lower the success rate.

Conversely, tasks that can be done with little or no interaction are very good candidates for overseas support.

A great example of tasks that would match well with offshore support would be routine research and list-building tasks.

If you need to have a support person contact or communicate with customers or staff – overseas support may not be a good move for you.

In summary, the potential for success or failure is dependent on the tasks you need IT support personnel to perform.

Avoid Getting Hit By An IT Tornado

Knowing what not to do when starting a new endeavor in your small or medium-sized business can save you lots of time and money.

Starting up an internal IT department or assigning that responsibility to a single individual is no different.

In this article, I’ll show you four IT-related areas that you’ll want to cover to keep ahead of the game.

1. Identify an Internal Point Person for IT

Most SMBs don’t have the budget to hire an IT person. By default, there is either no one given operational responsibility for IT or it is informally tossed around to various people like a hot potato.

It's not surprising that non-IT people don't want this responsibility. But leaving it unaddressed, ignored and informal makes matters worse because it forces everyone to be involved to some degree.

Every company -- no matter the size -- should have IT as a fundamental operational area and discipline within their business. This means they should have a person responsible for it. When it comes to importance, IT is not much different than accounting. But you never find a company, no matter how small, that doesn’t have someone responsible for it.

The person responsible for IT does not have to be technical or know how to “do” IT. But they do need to manage IT operations.

Many times, this falls to the financial controller or CFO due to the costs related to IT. The most important thing is that the person knows what the role entails and what areas of responsibility they have.

Fundamentally, the IT “manager” should have operational responsibility for business critical elements such as:

  1. Development of a basic IT strategy that is mapped to overall business goals
  2. Development of an annual budget for IT based on a strategy
  3. Managing third-party technology vendors
  4. Assuming the role or designating a single “gatekeeper” for managing all requests for IT services and support
  5. Conducting annual or semi-annual reviews with business leadership and key IT vendors to ensure an IT strategy is being followed and modified as necessary
  6. Ensuring the company follows a standardized approach to IT (g. standard desktops), project management, and gathering requirements (for new software, etc.).

2. Involve IT Early

One theme we continually run into is companies not involving IT soon enough -- or at all -- in business decisions. Many areas of IT have led times that cannot be shortened regardless of how loud you might yell. The result is key business goals that are missed, which has a direct negative impact on the business.

Some examples we commonly see are:

  1. It’s Friday afternoon and the office manager casually mentions the new employee starting on Monday that will need to be “set up.” Adding a new employee (user) requires planning and lead time for any equipment that must be ordered, additional software licenses, email and other systems setup, etc. The lead time to order a new workstation alone is often 2-4 weeks. Giving IT at least 30 days’ notice ensures the new employee will have a machine to work on.
  2. It’s Monday, February 8th, and the owner says the company is opening a new branch on March 1. The space is already leased. The furniture, painting, and prep have been scheduled. Ten new employees will be starting on March 1 in the new space and will need access to systems. We already know the problem we may be facing with getting all the machines in on time from #1 above. But the bigger problem is Internet service in the new office. Not only do you have to find out what Internet service options are available at the new address, but once a business-class Internet solution has been decided upon, it typically takes 30-45 days to get the service in place after documents have been With only three weeks’ notice in this example, the company may have a new office with no Internet for 1-2 weeks. Being productive with no Internet service is difficult.
  3. The marketing department hired a new vendor to provide a customer relationship management (CRM) solution. The vendor will also be developing custom capabilities for the department. If IT is not involved in this decision, the company discover some unfortunate surprises: the vendor’s new solution does not work with existing software, they have horrible support, their software is using outdated technology, the CRM doesn’t meet compliance requirements, etc. No one wants to be in the position to say “I wish I had known about this six months ago.”

Moral of the story -- always involve IT as soon as possible and let them opt out if they aren’t needed.

3. Avoid Consumer-Grade Anything

In the IT world, there is a big difference between business-grade solutions and consumer grade. Many companies avoid business-grade solutions due to the higher cost. What they aren’t factoring in is the costs related to downtime due to failed equipment, higher support costs to maintain and manage the equipment, and overall lack of features, functionality, and business security requirements.

When added up, these costs are always higher than the cost difference between business-grade and consumer-grade solutions.

A common example we see includes running to Best Buy to purchase critical equipment, which might include:

  1. A Linksys network switch
  2. A laptop for a new employee
  3. A Cisco router
  4. A Netgear wireless device

All of these items are critical infrastructure components for the company and purposely not built with all the robust capabilities a business requires. They are built with homeowners in mind, making these extra capabilities unnecessary.

IT should be involved up-front in the decision-making process. They can make recommendations based on specifications that meet business needs while also meeting the quality requirements of IT for features, security, and support.

4. Keep Support Agreements up to Date

Many companies take a “buy it and forget it” approach to their critical equipment.

Virtually every piece of technology a company purchases should come with a warranty and support agreement from the manufacturer.

These support agreements are typically 1, 2 or 3 years in length. If the support agreement is allowed to lapse, IT staff will not be able to get the support they need in the event of an issue, which is not an “if” but a “when” proposition.

A great example would be the company firewall support contract. The renewal notice is sent to the office manager and after a year or two of use, they have no recollection of the device and ignore the email. Consequently, the firewall support contract lapses. Then, when the firewall goes down, IT is brought in to fix the issue. They call the manufacturer to get help and are told they cannot provide assistance because there is no support for the unit. What should have been a 1- or 2-hour outage now becomes a week while everyone scrambles to get the support renewed. This is a significant negative impact on the business.

Keeping an inventory of all IT assets, along with their support renewal dates, is tedious. But not difficult and will pay dividends in avoiding painful, unnecessary outages.

IT is Critical for Businesses of All Sizes Today

Having someone in charge of IT operations that can provide oversight in all these areas, even if delegating it to their IT vendor, will avoid a business tornado. If you don’t have anyone in charge of your IT, don’t hesitate to contact us here at Fluid IT Services. We’d love to talk to you about what would work for your specific business.

5 Tech Trends Your Business Must Know

Technology moves at a fast pace, and trying to keep up with everything can be overwhelming. But there are some trends you must understand and plan for your business to survive. These five IT trends are impacting businesses in a big way. Here’s what you need to know -- and how you need to plan for them.

Security Blanket

Security is top of mind for every company. With the constant media attention on security breaches, hacks and deficiencies it’s been pounded into our brains.

Being aware is one thing.

Being protected and prepared is altogether different.

Providing comprehensive security, both physical and logical, for a company is challenging today. It used devices. There were also fewer software vendors, many of which had their applications running on company-owned infrastructure or collocated infrastructure in a single datacenter.

In hindsight, we had it easy.

Today, companies are using numerous software

  • Box or Dropbox for file sharing
  • Office 365 for email
  • SalesForce or Sugar for customer relationship management (CRM)
  • QuickBooks for accounting
  • Another for practice management or manufacturing
  • Another for document management
  • Another for voice over IP (VOIP)

You get the idea. It is not uncommon for even the smallest of companies to have six or more different vendors providing a line of business applications. As you might imagine, securing all these solutions in a consistent way that meets a business's requirements is a nightmare.

Aside from the normal security functions of data security, secure authentication, encryption, and ensuring all vendors stay current with their security practices, you have the added layer of business-specific compliance.

If you must be compliant with HIPAA, SEC, PCI, etc., then all vendors must meet those specific security requirements and prove it on a regular basis.

You need to have a blanket of security covering the entire business spectrum, including all vendors.

This is a new reality. Dealing with it proactively can save you a great deal of time, unnecessary risk and of course, money.

Vendor Sprawl

With the evolution of the cloud, companies are now using more third-party vendors than ever to deliver services, solutions and software. It’s not uncommon for a company to have six or more different cloud software vendors providing solutions for specific line-of-business needs.

It’s na

Companies don’t want to waste time and money entering data into systems two or three times. They want software vendors to integrate their solutions with each other and pass that data along, so there is a unified, authoritative source.

While many of the mainstream cloud SaaS (software as a service) providers have built-in integration with other applications, it only takes one or two to break the chain.

Once this happens, businesses have a critical decision on their hands:

  1. Go with a different solution that can integrate but lacks all the functionality they need.
  2. Pay the software vendor to build integration to their other solutions.
  3. Do neither and settle for duplicate entry because they can’t lose the functionality or can’t afford the cost.

Compounding this issue is the exponential speed at which new software solutions are being produced and the extraordinary amount of vendor transitions occurring through mergers and acquisitions. A great product with excellent customer support is now a part of 800-lb Gorilla Inc.

All of the sudden you’ve become a number with no support.

  1. Do you switch and go through the integration issues all over again?
  2. Is the new solution vendor stable?
  3. Will they be around 2-5 years from now, or will they be made obsolete by the latest innovation?

Another major challenge and headache is vendor management. How does a company manage all these vendors at the same time?

Many times companies are forced to use non-technical personnel for these tasks. Being non-technical, it’s all but impossible for them to know when a vendor is truthful and transparent regarding a legitimate technical limitation versus something that can be done, but they just don’t want to do it.

It’s more important than ever to have , even if they are also a third party.

Companies should have someone on their side, on their team (virtually or actually), providing advisory and vendor-management services to maximize the value of all vendors.

This also helps eliminate any finger-pointing that invariably happens when something goes wrong, and there are multiple parties involved.

Vendor sprawl is real, and it’s a challenge that should be dealt with strategically -- not as an afterthought.

User Behavioral Impact

If you have kids under the age of 25, you know -- they have literally grown up with technology in their hands.

It is typical for your teenager to know vastly more than you do about today’s technologies. My daughter is constantly telling me, “Arghh! Just give it to me dad and I’ll handle it.” And I’m the one in IT!

As our youth grows up in a world of multiple devices and countless apps (I think my daughter must have 10,000), the technology world is moving past us at blazing speeds. Through smartphones, tablets, iPads and wearables, the next generation of users are engulfed in technology from the time they wake until the time they put their heads down at night.

Immediate access to the new universe of technology has changed the way users behave and will continue to impact behavior in the future.

Can you imagine a millennial sitting at their cube waiting five minutes for a web page to load using a 1200 baud modem? No way!

As technologies have become more reliable, faster and ubiquitous, available anywhere at any time for any device, the demand on the IT infrastructure has increased.

Expectations for immediate technical support are no longer a luxury, but a requirement.

Users no longer want to hear about legitimate technical limitations. They want solutions, and they want them now.

User behavior will not only become more demanding, it will also become more complex because users will insist on access to all of their applications with a single ID and password (single sign-on).

Devices will work together, passing information seamlessly along with 99.999% uptime.

For older generations in the workforce, this will become increasingly frustrating -- and it will be career-limiting because it leads to a “keep up or get out” work environment.

The Advisory Gap

For IT to be of maximum value to any business, it needs to align with the business it’s supporting.

Knowing the top 3-5 business objectives for the next 12-36 months is critical. Without that knowledge, the IT staff will be in constant reactive mode, putting out fires.

Ensuring technology enables and drives the business will help create measurable value, rather than an IT helpdesk.

Having excellent IT support processes and t

All companies, regardless of size, should eliminate this blind spot by recognizing the value of IT strategy and planning. Adding it as a recurring element in their business will create value. Ultimately, IT should have a seat at the business strategy table.

It’s amazing to me that when I ask company business leaders what their top 3-5 business objectives are for the next 12-36 months, I get blank stares. Regardless of the size of the business.

After more prompting and pointed questions, I finally get some answers. They know the main objectives in their heads, they just haven’t articulated them.

Here’s the rub. If the company leadership can’t easily articulate their strategic business objectives, how can you expect the staff, who’s running all the operations, to know it as well?

The truth is, they don’t.

To address this problem and bridge the gap, companies need to recognize the value and need for an IT advisory-level service -- call it a virtual CIO -- and find a trusted, experienced resource that can provide it.

Without it, it’s akin to flying a plane with no flight plan. I’m not sure I’d want to be a passenger on that plane!

CIO-level advisory services should be a regular and recurring part of any business. Of course, a small five-employee company may only need a CIO-type review once a year. A larger company may need such services once a month to ensure IT stays ahead and aligned to the business. But without it, you're flying blind.

Beyond the Smoke and Mirrors

Like many industries, IT is very good at making colossal promises in their marketing material, websites and sales teams.

This is worse than ever before given the cut-throat competitive nature within IT today.

Every IT vendor out there is promising the world in order to keep that highly coveted dollar -- especially if it is recurring revenue.

Take Office 365 as an example. Microsoft is notorious for releasing products early and letting the public do its testing. Office 365, with the behemoth marketing engine behind it, makes a lot of promises, and it is a good product. But that doesn’t mean it will actually do all it says, do it well enough, or provide the performance and support a business requires. Setting up one new user in Office 365 is one thing. Migrating 100 user accounts from one email platform to Office 365 is an entirely different animal and not an overnight project.

With the explosion of web-based cloud software solutions comes an equal amount of promises. Have you ever heard this one: "Absolutely, our software will integrate with their software, no problem." Only later do you find it doesn't work as advertised.

The obvious problem is the business has planned their operational efficiencies and productivity (aka $$$) around that promise. When things don't go as smoothly as promised, it's the company business that suffers, often with painful consequences – lost revenue, lost customers, inability to add new customers … the list goes on.

For a non-IT-savvy person, seeing through the smoke and mirrors can be difficult, if not impossible.

Making matters worse is the nature of cloud software solution contract terms – “sign up for a 12-month subscription with a nasty termination clause.”

Once you find out all the warts, it’s too late. Not only from a monetary standpoint, but also in the chaos created in your business by making a change.

Having a senior IT person represent the company and thoroughly vet all the options (there are always more than one) can go a long way to avoiding this terrible scenario.

Are You Already Covering These 5 IT Must Haves?

The first thing you need to do to make sure your business is prepared for these five trends is to get your managers and IT team together for a frank discussion. Figure out which areas you might not be covering then creates a strategic plan to address them before they hurt your bottom line.

If you have any concerns or run into something you’re not sure about, don’t hesitate to contact us here at Fluid IT Services.

 

,

The Fluid View of a Great Team

,

funny progress bar with talent loadingHow do you attract and retain the best people? How do you build a team of talent?

These are questions and challenges every company faces.

We’re no exception. Like most other companies out there, our people are our number one asset.

Our people are so critical to our success, and to the success of the businesses we serve, we have put a lot of focus on defining, creating and nurturing the Fluid culture.

We’ve found that the best people don’t just have superior technical and engineering skills – they are also passionate about customer service and exude our cultural values.

Like three legs of a stool, skills, customer service and culture keep our company – and our clients’ companies – upright.

So what’s our secret to a stellar team and a thriving company culture?

The 8 Power Words

The foundation of the Fluid culture is our 8 Power Words.

  1. Fun
  2. Dedication
  3. High Performance
  4. Devotion
  5. Accountability
  6. Family
  7. Strength
  8. Compassion

These eight words keep us aligned with our company values, give us a target to work toward, and provide a framework that ensures we’re actually living our values and not just giving them lip service.

Each word has a specific meaning, and no word is more important than another. These 8 Power Words are the cornerstone of who we are and a part of everything we do.

Our employee-of-the-month and employee-of-the-year awards are directly tied to measurable and demonstrated achievements aligned with each word. Yes – we even measure commitment to family.

Why do we do this? Because we have discovered that an environment that consistently challenges and stretches our capabilities — while maintaining a sense of fun and keeping family first — enables us to achieve greatness.

That fun starts with a sense of humor in the office – raucous laughter down the hall is a familiar and welcome sound – but it also extends to our passion for technology. We get to work with the latest tech, explore cool gadgets and play in the technology sandbox on a daily basis. This drives excitement and innovation in every corner of our company, which leads directly to better service for our clients.

A Great Team Keeps Growing

As a growing company, nothing is more exciting than finding that next technology expert just waiting for an opportunity to bloom with a great team. We are constantly on the hunt for these exceptional individuals.

To attract those talented employees and keep them happy and engaged, we offer flexible work schedules, new-hire welcome events, regular happy hours, company events – and maybe most importantly – we reward innovation.

When I hear, “I never had this at any other job,” or “This is the best job I’ve ever had!” or “This has been amazing. You really do care about us,” that’s the most amazing feeling.

We are always on the lookout for the best and the brightest. Are you the next reason for us to have a new-hire celebration?

,

The 2015 Fluid Employee of the Year Is...

,

DSC_0047Choosing the Fluid Employee of the Year is no cake walk. Not because we lack good candidates – but because we have so many great candidates! We take the selection process very seriously. We tie it directly to our cultural values and our 8 core values (a.k.a. our Power Words) of Family, Strength, Dedication, Accountability, High Performance, Fun, Compassion and Devotion.

There are no favorites here at Fluid – no politics – just a very real dialogue about what our employees have accomplished each month. Sometimes the process of selecting Employee of the Year is simply gut-wrenching because there are so many people who are passionate about what they do, work hard every day, and genuinely care about our clients and one another.

THIS is what makes Fluid so special.IMG_0405

And THIS is why we are so pleased to announce our 2015 Employee of the Year: A man who has earned this title over and over again, standing out even within this team of superstars.

Congratulations, Devin Kindred!

Devin’s role morphed and expanded in 2015. He started out as a senior engineer, then took on the role of Director of Client Services. If that wasn’t enough of a monumental increase in responsibility, he also took on the management of the Help Desk team and Service Ops.

Devin handled these changes with grace, dedication and a great attitude.

He treats clients with respect, works hard for them and is focused on enabling their businesses to grow.

DSC_0097Devin is always willing to help his colleagues with projects and tasks. He has a sixth sense about when a teammate might need a pick-me-up -- and even with everything on his plate, he finds the time to mentor new team members.

Here are just a few things Devin’s teammates had to say about him…

“I’m amazed at how quickly and efficiently he seems to deal with everything on his plate, and he always seems so non-stressed and unruffled.  I have a feeling he’s like a duck – calm on the surface but paddling like crazy below the water.” “If I had a dollar for every client who had positive feedback, pure respect and complete trust in Devin, I would be one wealthy lady. He helps our clients grow and succeed with so much care and pride in what they do and with what we do.”

“He is steady, reliable, and one of the hardest workers I have ever worked with. His positivity and charismatic attitude help lift everyone up around him.”

Thank you, Devin, for everything you do for our team and for our clients. We are lucky to have you!

100 Companies Relied on Backups: Why Only 32 Survived

backups fluid it servicesYou’re probably running regular data backups and have a sense of security that your business critical data is safe from failure. There’s an old saying, “Your data is only as good as your last backup.” But that’s only half of the story. The other half is: “Your backups are only as good as your last restore.” You’re already on top of the game by backing up your data, but you need to do more. You need to test your backups.

If you aren’t testing your backups, you’re not alone. According to an article in CIO Magazine, a survey reported that 59% of SMBs were backing up their data, but only 32% were testing their restore processes at least once a month.

The ultimate test for any backup is to restore it. Only then will you know if you’re backup system is performing properly, and user errors haven’t been introduced that might skip important data.

Benefits of Testing the Plan

In this article, we discussed the importance of having a checklist in place for restoring your backups. Here are two ways to test your backups:

  • Go through your checklist periodically confirming steps are still valid, noticing any areas that can be improved
  • Perform a full restore simulation

 

A full restore simulation will stress your backup plan. It will also let you know who is needed, how long you can expect a restore to take, which systems are affected and if all data is accessible and on hand.

Why do backups fail?

Even if you have a great restore process in place, sometimes things can still go wrong. Knowing what they are can you help you head off additional problems. Here are a few reasons why backups fail:

  • The full backup is corrupt because something in the system corrupted it.
  • Backups create a chain, and when something in that chain is corrupted, a restore cannot continue past that point in the chain.
  • The backups worked, but the data contained corruption before it was backed up.

 

Validating backups on a set schedule can minimize unexpected disasters.

We know that there’s always an excuse not to perform restores to validate your backups: limited time, no formalized process for it, not enough disk space, etc. But making sure your backup is good to go in case of emergency can mean life or death for your business. We can’t stress its importance enough.

Are you ready to integrate backup testing into your process?

Testing your backups can be the difference between doing down and coming back up or simply going down for the count. Don’t go into this process blindly.

Having an experienced IT team on your side to help you through the backup restore process on a regular basis greatly increases your chances of minimal downtime with a successful outcome. Don’t hesitate to contact us here at Fluid IT Services – we can help you create a backup testing process that works for your business.

When Is The Right Time To Hire A CIO Who Can Take Your Small To Mid-Sized Business To The Next Level?

Why You Might Need To Outsource Your CIOA CIO (Chief Information Officer) can provide a great deal of value to any business — large or small. They not only help set technology standards, but they help the company keep an eye on the future. Smaller businesses often struggle to support this position, however, because they often operate on tighter budgets. The role is frequently divided up among many members of the executive team.

Before you lump CIO responsibilities onto other members of your team, consider outsourcing the role.

What Is A CIO, and Do I Need One?

CIOs are generally found in large or enterprise companies, specifically those with over 250 employees. This executive level role helps ensure that any selected technology is able to move the company forward. The CIO is also forward looking, keeping an eye on which new technologies might benefit the company.

A CIO is:

  • Dedicated to extracting maximum value from implemented technologies
  • Strategically focused rather than tactical
  • Constantly learning about the latest technologies that can provide value

Small to mid-size companies usually do not have a CIO position. When a CIO is not present, responsibilities are usually piled onto an IT Manager, Director or even shared across several managers. But for more complex use of technology or when technology implementation becomes large or far-reaching, these quasi-roles can break down.

IT managers are usually tactically focused. They may have some focus on strategy but day-to-day tasks can distract from having a purely strategic focus. A CIO will not have such distractions.

In businesses that have distributed software via cloud services or SaaS, knowing where everything is located and which data is coming to and from the company is important for the integrity of security and privacy. Especially for any company that must be HIPAA compliant (to name only one type of compliance), ensuring compliance of complex systems is critical. This is where a CIO can play an important role.

"In addition to handling issues as they've come up, Fluid has done a great job of getting out in front of things and consulting with us. They let us know when we need to start thinking about upgrades or capacity increases -- letting us know what's on the horizon for the technology of our company. When we've had issues, they've been very good about thinking out of the box and really being an outsourced CIO."

The CIO's Role in Driving Business Growth

To drive business growth, the CIO’s role shouldn’t be isolated to IT. Instead, the CIO should be integrated into overall business strategy discussions. Even better if the CIO steps up and becomes actively involved in helping shape the overall business strategy. Having the CIO report directly and regularly to the CEO rather than IT support groups can build trust with other C-level members. The result is a more cohesive business strategy and greater potential for the business.

What many businesses don’t realize, however, is that the CIO doesn’t have to be in-house in order to drive the business forward. Partnering with an IT provider who puts business first can be a way to get the benefit of having a CIO without adding to company headcount.

Looking To Bridge the Gap?

Your company may not yet require (or be able to afford) a CIO on-staff. And many IT providers have limitations when it comes to overall business strategy. Finding the right provider who has both IT expertise and business focus can solve a lot of problems for small to mid-sized businesses or larger companies that can’t yet budget for a CIO position. If you’re ready to work with a team that can move your IT from break/fix support to business driver, don’t hesitate to contact us here at Fluid IT Services.