GDPR Celebrates One Year of Implementation

GDPR, or General Data Protection Regulation, was enforced beginning May 25, 2018. Since then, European data protection authorities have reported that they have received nearly 90,000 individual data breach notifications. It is important to add that this number only includes organizations that are trying to comply with the GDPR enforcement. Likewise, the European data protection authorities have confirmed that during this same time-period, complaints and questions were reported by nearly 145,000 concerned citizens.

While a number of reports have been published, European data protection authorities are not being transparent about the collection of fines thus far as a result of GDPR. A few third-party investigations have been led to believe that, at minimum, more than 100 organizations had to pay fines for not complying with GDPR.

Google was fined 50 million euros earlier this year by French authorities and is appealing. The corporate giant was accused of collecting personal data without providing enough transparency to its users about data usage. Specifically, the data was utilized to personalize ads to users while on its platform.

>>GDPR specifically requires organizations to obtain consent to use personal data and this includes every specific use of the data. A “blanket” consent is not permitted.

The Purpose of GDPR

Last spring, GDPR replaced the Data Protection Directive 95/46/EC. It was agreed upon as the primary law, by the European Parliament and Council, to regulate how companies protect the personal data of European Union citizens.

GDPR includes:

  • Data processing that requires the consent of the subject
  • Protecting privacy by making collected data anonymous
  • Data breach notifications that are provided
  • Transferring data across borders must be done so safely
  • Some organizations are required to appoint a Data Protection Officer with the responsibility of overseeing compliance of GDPR

There are six privacy principles to GDPR:

  1. Purpose limitations
  2. Data minimization
  3. Storage limitations
  4. Integrity and confidentiality
  5. Accuracy
  6. Lawfulness, fairness and transparency

How GDPR Affects Your Business

It doesn’t matter where you are located. If your business markets goods or services to EU residents, then your business is subject to GDPR regulation and it could be fined for not complying. If your business collects any of the regulated data from European users, you are also liable to comply with GDPR.

American websites that do not comply with GDPR can have their European access removed. For example, a number of large US publications such as the LA Times and Chicago Tribune were temporarily blocked for not complying.

Will Regulations Be Implemented in the US Similar to GDPR?

American data privacy has caught the attention of the public eye with increased political scrutiny. While there is currently no federal data privacy legislation, there has been much discussion regarding this topic. Most notably, the recent congressional hearings that took place with Facebook founder Mark Zuckerberg were prominent in the media.

Some states have passed their own laws. The California Consumer Privacy Act may be the most recognizable and could very well be the test case for future state laws.

As a result of GDPR, an Ovum report says that approximately two-thirds of US companies could be rethinking their strategy in Europe. US businesses are anticipating an increase in US data privacy regulations, which means that it is about time to implement better data protection measures across their organization.

Be Aware and Prepared for GDPR Compliance

Large enterprises and small businesses alike must have procedures and operations currently in place to comply with GDPR – or risk debilitating fines and/or loss of customer access.

Even if your business is compliant, changes can take place over time, so it is important to stay informed of recent developments.

In short: the sooner and better you understand GDPR and your data privacy risks, and put policies into place, the more confident you can be about your company’s ability to compete moving forward … and the more trust your customers and clients can put into your business.

The Value of a Technical Project Manager

If your business is looking forward to expansion, technology will play a key role. Chances are your technology projects, upgrades and general backlog are a part of a list that continues to grow and seems quite overwhelming. Therefore, a Technical Project Manager can be a key player on your team.

The main responsibility of a Technical Project Manager is to develop and maintain one or more technology project plans. This means:

  • Outlining project tasks
  • Milestone dates
  • Statuses
  • Allocating resources

This person will also be tasked with creating technical documentation, as well as be the one to report on progress of project(s). Not to mention, this individual will adhere to budgets. The Technical Project Manager will keep project(s) on track for successful completion.

It is not a job for the faint of heart, but rather a strong, organized team player that knows how to communicate well with your people.

The Benefits of Working with a Technical Project Manager

Why are Technical Project Managers so great to have? Let’s count the ways!

First, your business will get better estimates on the time involved for a project. Artificial Intelligence (AI) can’t account for human factors like a human can. They say that software development estimates are many times off, even by a factor of 2-3 times. That’s because a Technical Project Manager can talk face-to-face with team members to get real-time answers versus a computer-generated guess. A person can uncover and plan for timing that numbers crunched on a calculator would not be able to deduce or find.

Second, a Technical Project Manager is the eyes and ears in meetings that takes notes and records requirements from team members’ input. Going hand in hand with understanding the feedback from the people involved in the project, a Technical Project Manager is also there to make suggestions and generate ideas to improve solutions and project plans.

Thirdly, the Technical Project Manager serves as a link between the QA team and developers of a technology project to maintain the relationship and means of communication back and forth. This person can even “smoke test” before a QA team gets involved.

Lastly, consider that when a technical project is fully launched, there are end users that will engage with it. The everyday users will have input. Was the technology successful? Did it solve the problem or serve its purpose? Is it easy to use? Is it functioning correctly? Did it make work easier or better after it was implemented? The Technical Project Manager will gather feedback and determine the overall success of a project … preferably alpha and beta testing core functionality along the way, so you learn the likelihood of success very early on.

What Type of Person Makes for a Superb Technical Project Manager?

For a good Technical Project Manager, organized is an understatement. This person obsesses over the details and gets down to granular-level thinking of how a project will function. This person may be focused on the details, but certainly will not lose sight of the “big picture.”

Naturally, the right Technical Project Manager for your business is a team player with superior communication skills, keeping the people around them during any project inspired and motivated to do their best and keep up on their piece of the puzzle. Additionally, the power of persuasion can come in handy, along with an empathetic attitude and an articulate way of carrying himself or herself.

Technical projects are daunting for any size business, but making sure that they are completed on time, correctly, and to the best of everyone’s ability, is critical to the overall success of the organization. Communication lines must be open. That’s why there is so much value in putting these projects in the hands of a capable person that you can trust.

Tips for Preventing Fraud in Your Small Business

As a small business owner, fraud prevention may be at the bottom of the barrel when it comes to your actionable priorities. It should, however, be at the top.

The ACFE, or Association of Certified Fraud Examiners, reported that in 2016, organizations with fewer than 100 employees experienced a median fraud loss of $150,000. Imagine that loss to your bottom line.

There is some silver lining here, which is that there are a few easy steps that small businesses can take in order to detect and deter fraud before it happens to your small business.

The Most Prevalent Types of Fraud

Fraud comes in many shapes and sizes. It’s not one size fits all, which is why it can be difficult to manage and assess. To simplify things, start with examining your relationships with employees on the inside and vendors on the outside. Even if someone may seem to be the most trusted and loyal individual to the organization, this person could be in financial trouble or he or she can be resentful of the business. These stress factors can be the cause of someone committing fraud against your organization. Or, it could be a trusted vendor or supplier that is sending your company inferior products to reduce expenditures and/or misrepresenting themselves and the invoice.

There is also fraud of intellectual property and trade secrets, which can be a more complex type of fraud. Regardless, it is very serious indeed. Copyright infringement can cause major damage to your business, including your brand and your reputation, making recovery a very long to almost impossible process.

Despite that there are many types of lingering fraud, there are simple ways you can make your small business safer and it doesn’t need to cost a lot either. It comes down to reducing risk.

Investigate Your People Before You Hire Them

While background checks may seem like an unnecessary additional cost, they can save you a lot in the future. It is imperative you investigate each candidate no matter how nice he or she seems. Run a criminal background check and reach out to references. Even get on the phone and call the candidate’s references (or, better yet, others you might know at that company). A quick sweep of a person’s background can uncover a history of fraud or red flags, giving your small business the intel needed so that you know not to bring this person onboard, or be forewarned of potential issues.

Open Communications and an Open Door

Communication is also critical to preventing fraud. Employees that are not management may notice things that leadership cannot see. Employees should feel comfortable and safe speaking up and voicing their concerns. Your people need to be able to feel like they can bring up anything suspicious to management and leadership. For employees that may be encountering financial hardship, some small businesses have an added benefit of offering small loan services. These are paid back through payroll deductions and are an alternative to stealing.

>> Tip: Watch for people who refuse to take vacations, that is, who are concerned that others have access to their files and processes. 

A Clear Fraud Policy Statement for Employees

While you may feel that fraud is against company policy and that it is common sense amongst staff, it still needs to be stated.

There should be a contract in place, one that all employees must sign. Your small business needs to put your expectations in writing. Include a statement that your organization values honesty in its brand and its employees. Also, be clear about the consequences – and enforcement policies – should an employee commit fraud.

Investigate Your Vendors and Suppliers

If you are looking to do business with a vendor, keep in mind that the supplier you choose is just as critical to your organization as your own people are. They are an extension of your brand. Run a sweep of any vendor and look for potential red flags. Some things to look for are irregular invoice patterns, pending lawsuits and even a criminal past.

Safeguard Your Small Business’s Intellectual Property

Common targets of potential fraud include stealing copyrights, trademarks, patents and contact lists.  Add this as part of your Fraud Prevention Policy. Add a section regarding intellectual property (IP) and make sure that your employees are aware of it. You should consider registering any trademarks and patenting any intellectual property.

A good first step here is to actually create a list of your intellectual property and what is most important for you to protect. Then create a plan, such as limiting and tracking access, to mitigate the risk of IP theft.

What is NIST and Why Small Business Owners Should Care

To begin, NIST is the National Institute of Standards and Technology. NIST is a non-regulatory federal agency that was founded in 1901 and it is under the Department of Commerce. Their mission is to promote U.S. innovation and industrial competitiveness. They achieve this by advancing measurement science, standards and technology in ways that enhance economic security while also improving quality of life.

In general, NIST provides guidance, setting a standard for recommended security controls. Often, complying with NIST guidelines and recommendations means that a federal agency is ensuring compliance with other regulations like HIPAA, FISMA, or SOX.

NIST Small Business Cybersecurity ACT S.770

In August 2018, a new act was signed, the NIST Small Business Cybersecurity Act S.770. The NIST Cyber Security Framework or CSF was originally developed as a set of cybersecurity standards for government agencies to use. Now, as a result of the new act, NIST CSF, formerly known as the MAIN STREET Cybersecurity Act, is available to public use. US compliance regulations such as PCI and HIPAA are formed based on the NIST Cyber Security Framework or CSF.

NIST CSF provides a policy framework. It provides computer security guidance for how U.S. private sector organizations can assess and improve their ability to prevent, detect and respond to today’s rapid growth of cyberattacks.

The new bill has a goal of considering the needs of small business owners like yours and future standards. It raises awareness as small businesses are very much affected by cyber threats and will greatly reduce their cyber risks.

Providing Cyber Defense Resources

NIST CSF will provide information resources that must be generally applicable to a wide array of small businesses. They will promote cybersecurity awareness and a workplace cybersecurity culture. They will include practical application strategies.

Keep in mind that using these resources is voluntary (which is also considered a drawback), but also take into consideration that the act was well-received by the security industry.

Cybersecurity Continues to be a Grave Concern for Small Businesses Entering 2019

The technology community can agree that 2018 was quite an interesting year for anything related to cyber security. Cyber breaches became a common, weekly occurrence.

As times have changed and cyber security has risen on the charts to become such a great risk for today’s small businesses, there will need to be some improvements made in the new year regarding cyber security regulations. The difficulty with new regulations is speed. Cyber security moves much, much faster than regulations do.

Speed and the constantly evolving nature of cyber threats means that organizations need people with security skills, either in-house and full-time or an outsourced partner. Outsourcing is becoming an easier solution as there is a global shortage of cyber security skills and talent. The demand far outweighs the supply in this case.

Education is Essential for Success

NIST is there to help your small business and so is the option to outsource your cyber security needs with a reputable firm. Additionally, the best defense is a good offense and that means educating and training your people. Creating custom, tailored training programs is key to success and staying cyber safe.

3 Predictions and 3 Tips for Small Business Cyber Security in 2019

Although 2019 brings a world of possibilities, the new year also brings more intense cyber security threats.  Cyber security threats are indeed on the rise and they are a tremendous concern for small businesses.

Looking back at 2018, numerous well-known, name-brand organizations, as well as international companies, suffered from significant cyber breaches.

Personal records were stolen in masses, such as:

  • 340 million from Exactis
  • 150 million from Under Armour’s MyFitnessPal
  • 30 million from Facebook

Many experts feel that this is likely just the beginning and that cybercriminals will continue to evolve and get craftier. There are many predictions for what lies ahead.

Prediction 1: Cyber Attackers Will Leverage Artificial Intelligence (AI)

For 2019, it will be more than just cyber attackers going after AI systems. Today, they will enlist artificial intelligence to help them attack. Automated systems could probe systems and networks. They will search for vulnerabilities and exploit them where possible. AI will also have the capability to make phishing scams even more sophisticated.

Prediction 2: Expanding 5G Will Expand the Cyber Attackers’ Surface Area

While 5G has been the focus of smart phones, 5G-capable phones may be limited in 2019. In the meantime, carriers are trying to gain more traction with 5G mobile hotspots and 5G-equipped routers for use at home.

Making the shift to 5G means new architectures and new operational models which also means new vulnerabilities. Currently, many 5G IoT devices connect via Wi-Fi and over time, more will connect directly to the 5G network, which may lead to vulnerabilities in a direct attack. 

Prediction 3: Data in Transit Cyber Attacks Will Increase

It is expected that there may be an increase in attempts to gain access to home routers as well as other IoT hubs to steal data passing through them. If malware were installed on such a router, it could essentially capture information such as banking credentials and credit card numbers.

While the 2019 cyber attackers continue to evolve and find new ways of attacking, there are still current methods that are used to stay safe and these are ones that you should continue to use.

Tip 1: Use Multi-Factor Authentication for Online Transactions

While the various forms of multi-factor authentication can frustrate and confuse users, your organization should use it. It may not seem like it is the best solution, however it is much, much safer than password-only access. For users that may not appreciate the extra step, consider adding a line or verbiage reminding them that it is there for cyber safety purposes and not meant to be a nuisance.

Tip 2: Train Your People to Avoid Phishing Scams

While certainly not new to 2019, phishing scams continue to make a huge splash in cyber security. In fact, the volume continues to increase. In general, your employees need to be cautious about giving out financial information over the Internet.

Phishers commonly will email heartbreaking or exciting news which of course is completely NOT TRUE. They will attempt to have the victim send personal information such as social security numbers, usernames, passwords, credit card numbers and more. Train your employees to only send account information or credit card numbers through either a secure website or via the telephone. Don’t transmit sensitive information via public, unsecured WiFi.

Tip 3: Keep the Leaders at Your Organization Involved and Informed

It is likely that in 2019, your organization will need to beef up its budget when it comes to cybersecurity intelligence and analytics. As cyber attackers can cause detrimental harm to how your organization runs its business, it is not an area of the business to skimp on when it comes to making investments. Your leadership must be well-aware of what is necessary to keep your business cyber safe, how much it will cost, and the consequences of not taking such recommended measures.

Plan for Change

For your company to survive, let alone thrive, you need to be able to adapt to change. Your technology and your IT provider must be more than just up-to-date, but also, they must be versatile to prepare and react to change, especially unwelcomed change.

Positive and negative change always happens with technology. As new technology is introduced, so are new problems and threats, such as security breaches, fraud, Acts of God and more.  Furthermore, employees who leave the organization can be a major security issue. It is the IT department’s responsibility to revoke system access including computer, network and data.

Regardless of the impending issue, you need to prepare ahead of time to mitigate risk. In short: this means having a plan in place that can get your business back up and operating as usual.

>> The data is not comforting: 40 percent of businesses do not reopen after a disaster. 90 percent of businesses that experience a data center outage greater than a week will go out of business within the year.

A Disaster Recovery Plan

Every small to mid-sized business needs a documented, well-written disaster recovery plan and, certainly, before the disaster occurs.  You will also need to consider your geographical area and if there are natural disasters that may occur in your region that can affect your ability to operate your business. Take note of the warning systems available for these potential occurrences and include that in your plan.

Select a “recovery team.” Assign roles and meet with designated employees to discuss their set of responsibilities in case of a disaster. And make sure these roles are kept updated. Often business continuity plans (BCPs) include the names of people who are no longer at the company.

In any disaster, a plan of communication is crucial. Your company can create a “communication tree.” Be sure to store copies of the tree both in your place of business and outside your place of business – and make sure the relevant teams have access to the parts (and only the parts) they need.  The plan should include more than one communication method. Be sure to include phone calls, emails, texting and even battery operated walkie-talkies.

When creating your company’s disaster recovery communication tree, include vendors as well, like your insurance provider, electrician and a plumber. And, of course, your IT provider. Create a list of customers and media contacts as well.

In case of a disaster or critical threat, the show must go on as they say. Identify critical functions as part of your plan. Look at each team or business function and assign a level of priority, from mission-critical to low. Additionally, determine how much downtime would be appropriate or acceptable for each function. Ask the question: how long can the business operate without each function?

Protect Your Company’s Data in Case of a Disaster

Every business, regardless of size, needs a BDR, or data backup and disaster recovery system. BDR’s not only protect your organization from natural disasters but cyber-attacks as well. In case of a catastrophe, a BDR ensures that data is not wiped out and minimizes downtime. Keeping your company’s data protected is critical for its success.

Once you have proper backup of your systems and data, have your IT team test it from time to time. A few fire drills per year to find potential errors or pitfalls is better uncovered before a disaster happens versus after it has occurred, with no turning back.

As a part of your data, your company should have details on the organization’s equipment. This includes, in addition to a detailed list, photos or a video recording of equipment. In case of a disaster, your company will need to provide records to the insurance provider to process claims. Photos and video will serve well as proof.

2FA or MFA – That is the Question

Keeping your company cybersafe and training your people to follow suit is a bit unnerving for a small to mid-sized business. The good news is that there are ways to simplify portions of cybersecurity that will make a world of difference for your IT folks.

Asking your employees to make long, complicated passwords that “cannot be guessed” is no longer the best way to safeguard your data.

In today’s digital business world, a great defensive method to stay clear of potential cyber threats and cybercrimes is with two-factor authentication and multi-factor authentication.

Two-Factor Authentication

You’ve certainly seen it and encountered it on applications and social media accounts that we all use. Twitter, Facebook and Gmail have begun using two-factor authentication, otherwise known as 2FA. It can also be referenced as a “two-step verification” process.

Think of it like when you call your credit card company and are asked for pieces of information that only you would know, providing evidence that you are, in fact, YOU.

When two-factor authentication is utilized, it requires two forms of identity verification prior to having access to an application. When both factors are verified, the end user has access. For example, you may be sent an SMS code that is valid for a short time and must be entered correctly in order to gain access to an application.

2FA is an added layer of protection for your data and is certainly more secure than just one single factor, such as a complex, long password with numerous unique characters that, despite the user’s best efforts, can easily be stolen or hacked.

With the two-factor authentication, the cyber attacker or imposter would need not only your password, but would also need your second factor as well to gain access to an application on your behalf.

Multi-Factor Authentication

Multi-factor authentication, or MFA, combines what you are, what you know, and what you have. When multi-factor authentication is enabled, the administrator defines a second factor in addition to a password that a user must validate in order to gain access. Multi-factor grants access to your company’s applications through multiple data points.

While MFA seems great, there are organizations that are not adopting this security measure so as not to disrupt or irritate their end users or customers. However, this should not be the case. The key is to keep a flexible policy alongside your MFA so that users are not compromised or annoyed while gaining access to your application.

2FA or MFA: Which is Better?

As always, choosing if a 2FA or MFA is better for your company’s security is not a one size fits all answer. To analyze this for your company, keep in mind that there are three possible ways that a user can validate that it is in fact them. They are knowledge, possession, and inherence.

Knowledge is what he or she knows, which would be like asking for a password and requesting answers to security questions.

Possession would be what supplies the person has on them, such as a mobile device, a one-time password or even a YubiKey.

Inherence, on the other hand, is based on a unique characteristic that the user has. This can be items such as voice recognition, a retina scan, or a fingerprint.

Two-factor authentication is just that, it relies on two factors as described above. Multi-factor can be two of the above factors or it can possibly involve all three, even inherence. If you think about it, iPhones use a fingerprint for access – and are increasingly moving towards MFA for financial applications.
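The factor rule described above, as an added example in Python (not code from the original article): a login only counts as 2FA when the verified methods fall into two different categories, and a one-time code is accepted only inside a short window and only once. The method names and their category mapping are assumptions made for illustration, and the example uses an app-generated time-based code (RFC 6238) in place of the SMS code the article mentions.

```python
import hashlib
import hmac
import struct

# The three factor categories named in the article.
KNOWLEDGE, POSSESSION, INHERENCE = "knowledge", "possession", "inherence"

# Illustrative mapping of verification methods to categories (assumed names).
METHOD_CATEGORY = {
    "password": KNOWLEDGE,
    "security_question": KNOWLEDGE,
    "one_time_code": POSSESSION,
    "hardware_key": POSSESSION,
    "fingerprint": INHERENCE,
}


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time code per RFC 6238 (HMAC-SHA1, RFC 4226 truncation)."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_code(secret: bytes, submitted: str, now: int, used_counters: set,
                step: int = 30, drift: int = 1) -> bool:
    """Accept a code only within +/- `drift` time steps, and only one time."""
    current = now // step
    for counter in range(max(0, current - drift), current + drift + 1):
        expected = totp(secret, counter * step, step)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected, submitted):
            if counter in used_counters:
                return False  # same code replayed inside its validity window
            used_counters.add(counter)
            return True
    return False  # wrong code, or a code whose window has passed


def access_granted(verified_methods, required_categories: int = 2) -> bool:
    """Count distinct factor categories, not the number of prompts shown."""
    categories = {METHOD_CATEGORY[m] for m in verified_methods
                  if m in METHOD_CATEGORY}
    return len(categories) >= required_categories


if __name__ == "__main__":
    secret = b"12345678901234567890"   # constructed sample secret (RFC test key)
    used = set()
    code = totp(secret, 59)            # code the user's device shows at t=59s
    print("fresh code accepted:", verify_code(secret, code, 59, used))
    print("replayed code accepted:", verify_code(secret, code, 60, used))
    print("code two minutes later:", verify_code(secret, code, 179, set()))
    # A password plus a security question is two prompts but one factor.
    print("password + question:", access_granted(["password", "security_question"]))
    print("password + code:", access_granted(["password", "one_time_code"]))
```

Requiring three categories (`required_categories=3`) gives the all-three MFA case the article describes.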

Whichever authentication you choose for your company’s application, 2FA or MFA, it is better than asking users for one long, complex password – which can be easily forgotten and, year by year, more easily cracked.

Simply adding one more factor can be your best defense against cyber attackers and cyber criminals.

Eight Anti-Phishing Tricks for Your Company

With the ever-changing digital economy and its global impact, small to mid-sized businesses are on guard and on careful watch. With so much news on cyberattacks and with cybercriminals becoming increasingly creative with their methods, companies are looking for ways to out-clever the fox, so to speak.

 

First of all: What exactly is a “phishing email?”

Phishing emails are messages that appear to be official but are in fact fake. The goal is to trick your staff into supplying information or providing access to your systems, such as entering a password or clicking on a site that is infected.

They say in some sporting events, defense is everything. Which begs the question, what is a good anti-phishing defense? The easiest method to avoid a phishing email scam is to think about it BEFORE you click.  Only click on websites that are trustworthy. Only respond to e-mails when you are sure of the source.

>> The majority of cyber attacks HigherGround has seen so far in 2018 originated from phishing e-mails.  It is important to be vigilant here, which is why we often suggest your company deploy a tool like MailControl.

When working with numerous departments and many different employees, it can be hard for IT to control and question every email that comes in, though.  So it’s up to the users to help you defend the organization.

 

Tip One: Have All Machines Install an Anti-Phishing Toolbar

Have your staff use Internet browsers that have the ability to be customized with anti-phishing toolbars. These types of toolbars can run a quick check on the site the user visits and will match them to lists of known phishing sites. The toolbar will alert the employee if the site the person lands on is malicious.

 

Tip Two: Don’t Let Employees Trust a Pop-Up

While pop-ups can be okay for websites to include, it is also a common phishing tactic. Most browsers allow users to block pop-ups. If a pop-up does appear or slips past the block setting, train your staff that they should not click any “cancel” or “close window” buttons on the screen. This might take them to the phishing site. Instead, tell your staff to click on the “x” at the top corner of the pop-up.

 

Tip Three: Test Your Staff and Phish Yourselves

Will your people fall victim to a phishing scam? It’s hard to manage users all the time and predict their judgement.

An undercover test is a great way to find which employees may fall prey. If any of your people get caught, then it is a good thing to reiterate some basic security and IT training when it comes to managing emails and avoiding cybercriminals.

 

Tip Four: Users Should Keep Up to Date Browsers

Popular browsers often release security patches in response to current trends. This includes loopholes that phishers and hackers find and exploit. Don’t ignore messages about updating your browsers. When an update is available, install it right away and inform your staff to do the same.

 

Tip Five: Leverage Firewalls to Stay Safe

Firewalls are made to protect your company. A firewall serves as a buffer between your device and the potential intruder. There are different kinds, so keep in mind that your IT team should have a desktop firewall and a network firewall. One is software and one is hardware. When both are utilized together, “teamwork makes the dream work” by dramatically reducing the odds of falling victim to phishing scams.

 

Tip Six: Verify a Site’s Security Before Engaging

Businesses often need to supply sensitive financial information and make payments online. If a website is secure, however, you’ll be fine. A couple of items to check for before submitting information include checking for the “https” in the URL address. There should also be a closed lock icon near the address bar. Look for the website’s security certificate.

 

Tip Seven: Encrypt Your Company’s Data

Cybercriminals are hiding in the shadows, on the prowl, waiting to attack, and that can be for any type of data you have lying around. Hackers look for data like banking information and social security numbers. Wherever a small to mid-sized business is keeping important, sensitive data, the IT department must ensure that it is encrypted.

 

Tip Eight: Companies Should Back Up Daily

If you back up your data on, at least, a daily basis, you can revert to the back-up files if your computers or servers get locked. This eliminates the need to pay a cybercriminal to get the data (or access to it) back.

 

There is no way to keep your company and your data 100% safe, but you can and should reduce your company’s vulnerabilities. A few simple cost-effective measures can make a big difference in decreasing both the likelihood and the financial effect of getting hacked.

What an SMB Should Expect from their CIO

Great Chief Information Officers are invaluable resources for any organization. They are also expensive, and for good reason. It’s a high-profile job with a lot of responsibility. They create business value through technology and plan strategically for business growth. They ensure that the company’s technology systems and processes are aligned with business goals.

Some of the other critical items that a CIO is responsible for are security and risk management, customer service platforms, IT architecture, vendor negotiations, supplier management, budgets and more.

According to PC Magazine, small businesses with basic technology can temporarily survive on cloud-based tools and “gumption.” But, there comes a time when someone other than the CEO is needed to oversee long-term IT initiatives.

The key goal in every organization is not just surviving, but thriving. SMBs want to grow the business. A major tool for growing the company is the technology it utilizes. When an SMB does not invest in its technology correctly or sufficiently, it will likely lose customers and market share to competitors. It is the CIO’s job to make sure that doesn’t happen.

 

The Benefits of a CIO

While the Chief Information Officer has a very demanding job, it is important to have a highly skilled professional handling these responsibilities. With limited C-Level executive oversight, the SMB needs a reliable partner to count on to make informed decisions. The CIO has a thorough understanding of the needs of the business. This also makes the CIO someone who is considered “centralized” across departments and company initiatives.

If your SMB is fragmented and departments do not collaborate, the CIO brings it all together, which in turn lends itself to a better overall business strategy. A CIO’s strategy reaches across business goals and objectives for the company as a whole.

Chief Information Officers often have a long-standing history of professional excellence and a large base salary. While they are critical to the success of an SMB, that salary can weigh heavily on the annual budget, leaving no room for other important items like lead generation, talent development/succession planning and sales initiatives.

 

The Case for a Fractional CIO

There comes a time when all growing companies should invest in a Chief Information Officer, so that the leader can focus on their best and brightest use and an experienced IT leader can ensure the organization reaps the rewards of growth-aligned technology.

When a small to mid-sized business is looking to get the benefits of a CIO without breaking the bank, outsourcing to a “fractional” CIO (often called a “vCIO”) can be a better and more feasible option.

The reasons for this are the same as for a full time CIO…

  • Having a fractional CIO still means that your SMB can expect technology and innovations to align to business objectives and growth plans.
  • A fractional CIO, just like a full time CIO, will build a strategic information technology
  • They will oversee technology initiatives, vendor selection, technology adoption, including any needed internal training.
  • They will oversee security and compliance and partner with risk management for the organization.
  • They will plan for disaster and recovery, helping assess your business continuity plan.
  • They will attend all important business meetings, as well as board meetings.
  • They will also build and test the role of the potential future full-time CIO, once you have the scale to require (and better afford) that position.

… with one exception: You will not incur the risk, time and cost of a full-time hire. An additional benefit of a fractional CIO is that they often come with the technical and process support of the greater organization that provides your company with the service offering.

For many organizations, the fractional option could very well deliver the best return on investment, provide a perfect transitional solution, as well as better define the role as you grow to a place where a full time CIO makes sense financially.

5 Reasons Your Inside “IT Guy” Is Becoming a Relic of the Past

There is a change in organizations across the US and globally. Remember the IT person? The one who walked through the office halls, arriving at cubicles and offices to help colleagues, fixing technical issues, as well as checking computers and machines like the ones in the server room? For most companies, that’s now a thing of the past.

Nicholas Fiorentino, Chief Executive Officer of CrediReady says, “…the IT professionals who patrol your office are becoming less and less relevant in today’s workforce.”

Particularly for small to mid-sized businesses, it just makes more sense to outsource the information technology department.

SMBs can get instantaneous benefits from outsourcing their IT needs, such as:

 

  1. Cost Savings and Better Budget Control

When small to mid-sized businesses outsource their IT, they gain better control over the IT budget. The organization can identify its needs and pay for IT “as needed,” meaning it does not have to cover an annual salary (or salaries), with vacation time and benefits, that is unrelated to the workload the IT person may, or may not, have.

With outsourcing, SMBs can isolate their budget to pay solely for technology services and projects (read: value and solutions) and move away from IT being a cost center. Not to mention, organizations can eliminate costly human capital management dollars for items like recruiting, hiring, training and onboarding, along with the risk that a new hire and/or full-time employee may not work out and will ultimately leave the organization.

 

  2. Experienced Professionals for Every Project

While certifications are great to have when an IT professional is looking for a career, experience in the field is much more valuable. In-house IT departments, with their limited project scopes, don’t necessarily offer a variety of work to those individuals. They can become isolated in those types of environments, meaning that they might not have the ability to learn, grow and get the on-the-job experience that they could have from working with many companies on many types of projects.

As IT gets more complex and specialized, it’s harder and harder to find the journeyman IT person who can solve all the IT issues that arise. Outside firms, on the other hand, have experienced “been-there-done-that” resources who can solve these specialized issues as and when they occur. Or, better still, provide proactive counsel on how to avoid these issues.

 

  3. New Technology Can be Implemented Right Away

When embarking on a new IT project like an updated CRM, automated reporting, etc., outsourcing to experts reduces the time to complete and implement the new system. In-house IT staff may not have a lot of experience in that particular area and planning can take weeks or months. It may require hiring more people – even these same outsourced experts.

When SMBs outsource their IT projects, it reduces the typical challenges faced with implementing new technology.  Outsourcing new technology projects to experts will save time, dollars, and headaches. In short: SMBs can expect a smoother transition when outsourcing.

 

  4. More Bandwidth to Focus on the Main Business

Small to mid-sized businesses only have so many personnel they can afford to keep on staff. When you outsource items like IT needs, it leaves time and resources to focus on making other parts of the business better.

A quick rule of thumb here: If you have enough IT staff to fully handle the day-to-day, as well as all your IT projects (including the ones that keep popping up), then you are likely overstaffing your IT team.

 

  5. Minimizing Risks with Security and Compliance

When was the last time your SMB audited workstations? How about the servers? What about your back up recovery plan? Are you concerned about cybersecurity? (If not, you should be.) In fact, SMBs predict an increase in the security budget in 2019.

With so many threats, viruses, check points, and things to do to make sure that your organization has a solid and secure IT foundation, it gets daunting, even for a full-time in-house information technology department. Lessen the burden on your employees and protect the IT systems already in place by utilizing a robust, sophisticated, outsourced IT department. The investment will pay off in spades when security is never jeopardized due to in-house inexperience.