Category Archives: Uncategorized

DNS Filtering and Your Business

As cybercriminals and hackers continue to grow in numbers and expand their capabilities to infiltrate your network, your business must continue to leverage more resources to tighten your processes.

The key for today’s cyber security dangers is for IT professionals and their executives to ensure the organization is using a “multi-layer” approach. A multi-layer approach includes email security, spam filtering, antivirus, managed security services, managed firewall and last, but not least, DNS filtering.

How DNS Filtering Works

Domain Name System filtering, or DNS filtering for short, is a technique that is used to block access to some webpages, websites or IP addresses.  For example, DNS allows for domain names, ones that are easy to remember. Or, for instance, an example like “,” which is easier to remember than the IP address, like In short: DNS is what maps an IP address to its domain name.

When DNS filtering is utilized, it blocks requests to webpages and IP addresses that are known as malicious. When the user attempts to connect to the website, instead of viewing the page that was requested, the user will see a blocked page screen detailing that it cannot be accessed from your network.

The control can be applied in a few ways: It can be applied via your ISP, at a router level, or a third party such as a web filtering service.

When using a third party, the user would point their DNS to the provider. The third-party service provider keeps a blacklist of malicious IP addresses and webpages. When a site has a reputation for being malicious, access is then blocked.

DNS filtering is optimized to process a high volume of data messages with minimal delay. To the user and your business, this means that there will be virtually no postponement in accessing safe websites, ones that do not breach the AUP or Acceptable (Internet) Usage Policies.

DNS Filters Role with Malicious Websites

To begin, a DNS filtering solution will not block “all” malicious websites. It’s unfortunate, but keep in mind that a webpage must first be determined as malicious before it can be blocked. When a cybercriminal creates a new phishing webpage, it will take some time to be checked, identified and blacklisted. On the other hand, a DNS web filter block does catch most malicious websites, and pages can be added quickly as they are uncovered, such as through your e-mail security programs.

With cyber security being such a hot topic in today’s economy and with multi-layer approaches serving as the best form of defense to small businesses (preventing potential damage to your IT infrastructure), adding DNS Filtering is becoming a more and more common part of a security protocol.

Start With a Couple Questions.

What’s your multi-layer approach to combatting cyber-attacks?  Does it include DNS filtering? 

These two questions are good places to start the conversation or, refresh the discussion on how to stay ahead of hacks.

GDPR Celebrates One Year of Implementation

GDPR, or General Data Protection Regulation, was enforced beginning May 25, 2018. Since then, European data protection authorities have reported that they have received nearly 90,000 individual data breach notifications. It is important to add that this number only includes organizations that are trying to comply with the GDPR enforcement. Likewise, the European data protection authorities have confirmed that during this same time-period, complaints and questions were reported by nearly 145,000 concerned citizens.

While a number of reports have been published, European data protection authorities are not being transparent about the collection of fines thus far as a result of GDPR. A few third-party investigations have been led to believe that, at minimum, more than 100 organizations had to pay fines for not complying with GDPR.

Google was fined 50 million euros earlier this year by French authorities and is appealing. The corporate giant was accused of collecting personal data without providing enough transparency to its users about data usage. Specifically, the data was utilized to personalize ads to users while on its platform.

>>GDPR specifically requires organizations to obtain consent to use personal data and this includes every specific use of the data. A “blanket” consent is not permitted.

The Purpose of GDPR

Last Spring, GDPR replaced the Data Protection Directive 95/46/ec. It was agreed upon as the primary law, by European Parliament and Council, to regulate how companies protect the personal data of the European Union citizens.

GDPR includes:

  • Data processing that requires the consent of the subject
  • Protecting privacy by making collected data anonymous
  • Data breach notifications that are provided
  • Transferring data across borders must be done so safely
  • Some organizations are required to appoint a Data Protection Officer with the responsibility of overseeing compliance of GDPR

There are six privacy principles to GDPR:

  1. Purpose limitations
  2. Data minimization
  3. Storage limitations
  4. Integrity and confidentiality
  5. Accuracy
  6. Lawfulness, fairness and transparency

How GDPR Affects Your Business

It doesn’t matter where you are located. If your business markets goods or services to EU residents, then your business is subject to GDPR regulation and it could be fined for not complying. If your business collects any of the regulated data from European users, you are also liable to comply with GDPR.

American websites that do comply with GDPR can have their European access removed.  For example, a number of large US publications such as the LA Times and Chicago Tribune were temporarily blocked for not complying.

Will Regulations Be Implemented in the US Similar to GDPR?

American data privacy has caught the attention of the public eye with increased political scrutiny. While there is not federal data privacy legislation currently, there has been much discussion regarding this topic. Most notably, the recent congressional hearings that took place with Facebook founder Mark Zuckerberg was prominent in the media.

Some states have passed their own laws. The California Consumer Privacy Act may be the most recognizable and could very well be the test case for future state laws.

As a result of GDPR, an Ovum report says that approximately two-thirds of US companies could be rethinking their strategy in Europe. US businesses are anticipating an increase in US data privacy regulations, which means that it is about time to implement better data protection measures across their organization.

Be Aware and Prepared for GDPR Compliance

Large enterprises and small businesses alike must have procedures and operations currently in place to comply with GDPR – or risk debilitating fines and/or loss of customer access.

Even if your business is compliant, changes can take place over time, so it is important to stay informed of recent developments.

In short: the sooner and better you understand GDPR and your data privacy risks, and put policies into place, the more confident you can be about your company’s ability to compete moving forward … and the more trust your customers and clients can put into your business.

The Value of a Technical Project Manager

If your business is looking forward to expansion, technology will play a key role. Chances are your technology projects, upgrades and general backlog are a part of a list that continues to grow and seems quite overwhelming. Therefore, a Technical Project Manager can be a key player on your team.

The main responsibility of a Technical Project Manager is to develop and maintain one or more technology project plans. This means:

  • Outlining project tasks
  • Milestone dates
  • Statuses
  • Allocating resources

This person will also be tasked with creating technical documentation, as well as be the one to report on progress of project(s). Not to mention, this individual will adhere to budgets. The Technical Project Manager will keep project(s) on track for successful completion.

It is not a job for the faint of heart, but rather a strong, organized team player that knows how to communicate well with your people.

The Benefits of Working with a Technical Project Manager

Why are Technical Project Managers so great to have? Let’s count the ways!

First, your business will get better estimates on the time involved for a project. Artificial Intelligence (AI) can’t account for human factors like a human can. They say that software development estimates are many times off, even by a factor of 2-3 times. That’s because a Technical Project Manager can talk face-to-face with team members to get real-time answers versus a computer-generated guess. A person can uncover and plan for timing that numbers crunched on a calculator would not be able to deduce or find.

Second, a Technical Project Manager is the eyes and ears in meetings that takes notes and records requirements from team members’ input. Going hand in hand with understanding the feedback from the people involved in the project, a Technical Project Manager is also there to make suggestions and generate ideas to improve solutions and project plans.

Thirdly, the Technical Project Manager serves as a link between the QA team and developers of a technology project to maintain the relationship and means of communication back and forth. This person can even “smoke test” before a QA team gets involved.

Lastly, consider that when a technical project is fully launched, there are end users that will engage with it. The everyday users will have input. Was the technology successful? Did it solve the problem or serve its purpose? Is it easy to use? Is it functioning correctly? Did it make work easier or better after it was implemented? The Technical Project Manager will gather feedback and determine the overall success of a project … preferably alpha and beta testing core functionality along the way, so you learn the likelihood of success very early on.

What Type of Person Makes for a Superb Technical Project Manager?

For a good Technical Project Manager, organized is an understatement. This person obsesses over the details and gets down to granular-level thinking of how a project will function. This person may be focused on the details, but certainly will not lose sight of the “big picture.”

Naturally, the right Technical Project Manager for your business is a team player with superior communication skills, keeping the people around them during any project inspired and motivated to do his or her best and keep up on their piece of the puzzle. Additionally, the power of persuasion can come in handy, along with an empathetic attitude and articulate way of carrying his or herself.

Technical projects are daunting for any size business, but making sure that they are completed on time, correctly, and to the best of everyone’s ability, is critical to the overall success of the organization. Communication lines must be open. That’s why there is so much value in putting these projects in the hands of a capable person that you can trust.

Tips for Preventing Fraud in Your Small Business

As a small business owner, fraud prevention may be at the bottom of the barrel when it comes to your actionable priorities. It should, however, be at the top.

The ACFE, or Association of Certified Fraud Examiners, reported that in 2016, organizations with fewer than 100 employees experienced a median fraud loss of $150,000. Imagine that loss to your bottom line.

There is some silver lining here, which is that there are a few easy steps that small businesses can take in order to detect and deter fraud before it happens to your small business.

The Most Prevalent Types of Fraud

Fraud comes in many shapes and sizes, it’s not one size fits all, which is why it can be difficult to manage and assess. To simplify things, start with examining your relationships with employees on the inside and vendors on the outside. Even if someone may seem to be the most trusted and loyal individual to the organization, this person could be in financial trouble or he or she can be resentful of the business. These stress factors can be the cause of someone committing fraud against your organization. Or, it could be a trusted vendor or supplier that is sending your company inferior products to reduce expenditures and/or misrepresenting themselves and the invoice.

There is also fraud of intellectual property and trade secrets, which can be a more complex type of fraud. Regardless, it is very serious indeed. Copyright infringement can cause major damage to your business, including your brand and your reputation, making recovery a very long to almost impossible process.

Despite that there are many types of lingering fraud, there are simple ways you can make your small business safer and it doesn’t need to cost a lot either. It comes down to reducing risk.

Investigate Your People Before You Hire Them

While background checks may seem like an unnecessary additional cost, it can save you a lot in the future. It is imperative you investigate candidates no matter how nice he or she seems. Run a criminal background check and reach out to references. Even get on the phone and call the candidate’s references (or, better yet, others you might know at that company.) A quick sweep of a person’s background can uncover a history of fraud or red flags, giving your small business the intel needed so that you know not to bring this person onboard, or be forewarned of potential issues.

Open Communications and an Open Door

Communication is also critical to preventing fraud. Employees that are not management may notice things that leadership cannot see. Employees should feel comfortable and safe speaking up and voicing their concerns. Your people need be able to feel like they can bring up anything suspicious to management and leadership. For employees that may be encountering financial hardship, some small businesses have an added benefit of offering small loan services. These are paid back through payroll deductions and an alternative to stealing.

>> Tip: Watch for people who refuse to take vacations, that is, who are concerned that others have access to their files and processes. 

A Clear Fraud Policy Statement for Employees

While you may feel that fraud is against company policy and that it is common sense amongst staff, it still needs be stated.

There should be a contract in place, one that all employees must sign. Your small business needs to put your expectations in writing. Include a statement that your organization values honesty in its brand and its employees. Also, be clear about the consequences – and enforcement policies – should an employee commit fraud.

Investigate Your Vendors and Suppliers

If you are looking to do business with a vendor, keep in mind that the supplier you choose is just as critical to your organization as your own people are. They are an extension of your brand. Run a sweep of any vendor and look for potential red flags. Some things to look for are irregular invoice patterns, pending lawsuits and even a criminal past.

Safeguard Your Small Business’s Intellectual Property

Common targets of potential fraud include stealing copyrights, trademarks, patents and contact lists.  Add this as part of your Fraud Prevention Policy. Add a section regarding intellectual property (IP) and make sure that your employees are aware of it. You should consider registering any trademarks and patenting any intellectual property.

A good first step here is to actually create a list of your intellectual property and what is most important for you to protect. Then creating a plan, such as limiting and tracking access, to mitigate the risk of IP theft.

What is NIST and Why Small Business Owners Should Care

To begin, NIST is the National Institute of Standards and Technology. NIST is a non-regulatory federal agency that was founded in 1901 and it is under the Department of Commerce. Their mission is to promote U.S. innovation and industrial competitiveness. They achieve this by advancing measurement science, standards and technology in ways that enhance economic security while also improving quality of life.

In general, NIST provides guidance, setting a standard for recommended security controls. Often, complying with NIST guidelines and recommendations means that a federal agency is ensuring compliance with other regulations like HIPAA, FISMA, or SOX.

NIST Small Business Cybersecurity ACT S.770

In August 2018, a new act was signed, the NIST Small Business Cybersecurity Act S.770. The NIST Cyber Security Framework or CSF was originally developed as a set of cybersecurity standards for government agencies to use. Now, as a result of the new act, NIST CSF, formerly known as the MAIN STREET Cybersecurity Act, is available to public use. US compliance regulations such as PCI and HIPAA are formed based on the NIST Cyber Security Framework or CSF.

NIST CSF provides a policy framework. It provides computer security guidance for how U.S. private sector organizations can assess and improve their ability to prevent, detect and respond to today’s rapid growth of cyberattacks.

The new bill has a goal of considering the needs of small business owners like yours and future standards. It raises awareness as small businesses are very much affected by cyber threats and will greatly reduce their cyber risks.

Providing Cyber Defense Resources

NIST CSF will provide information resources that must be generally applicable to a wide array of small businesses. They will promote cybersecurity awareness and a workplace cybersecurity culture. They will include practical application strategies.

Keep in mind that using these resources is voluntary (which is also considered a drawback), but also take in to consideration that the act was well-received by the security industry.

Cybersecurity Continues to be a Grave Concern for Small Businesses Entering 2019

The technology community can agree that 2018 was quite an interesting year for anything related to cyber security. Cyber breaches became a common, weekly occurrence.

As times have changed and cyber security has risen on the charts to become such a great risk for today’s small businesses, there will need to be some improvements made in the new year regarding cyber security regulations. The difficulty with new regulations is speed. Cyber security moves much, much faster than regulations do.

Speed and the constantly evolving nature of cyber threats means that organizations need people with security skills, either in-house and full-time or an outsourced partner. Outsourcing is becoming an easier solution as there is a global shortage of cyber security skills and talent. The demand far outweighs the supply in this case.

Education is Essential for Success

NIST is there to help your small business and so is the option to outsource your cyber security needs with a reputable firm. Additionally, the best defense is a good offense and that means educating and training your people. Creating custom, tailored training programs is key to success and staying cyber safe.

3 Predictions and 3 Tips for Small Business Cyber Security in 2019

Although 2019 brings a world of possibilities, the new year also brings more intense cyber security threats.  Cyber security threats are indeed on the rise and they are a tremendous concern for small businesses.

Looking back at 2018, numerous well-known, name-brand organizations, as well as international companies, suffered from significant cyber breaches.

Personal records were stolen in masses, such as:

  • 340 million from Exactis
  • 150 million from Under Armour myfitnesspal
  • 30 million from Facebook

Many experts feel that this is likely just the beginning and that cybercriminals will continue to evolve and get craftier. There are many predictions for what lies ahead.

Prediction 1: Cyber Attackers Will Leverage Artificial Intelligence (AI)

For 2019, it will be more than just cyber attackers going after AI systems. Today, they will enlist artificial intelligence to help them attack. Automated systems could probe systems and networks. They will search for vulnerabilities and exploit them where possible. AI will also have the capability to make phishing scams even more sophisticated.

Prediction 2: 5G Expanding Will Expand the Cyber Attackers Surface Area

While 5G has been the focus of smart phones, 5G-capable phones may be limited in 2019. In the meantime, carriers are trying to gain more traction with 5G mobile hotspots and 5G-equipped routers for use at home.

Making the shift to 5G means new architectures and new operational models which also means new vulnerabilities. Currently, many 5G IoT devices connect via Wi-Fi and over time, more will connect directly to the 5G network, which may lead to vulnerabilities in a direct attack. 

Prediction 3: Data in Transit Cyber Attacks Will Increase

It is expected that there may be an increase with attempts to attain access to home routers as well as other IoT hubs to steal data passing through them. If malware was installed in a router such as the afore mentioned, it could essentially capture information such as banking credentials and credit card numbers.

While the 2019 cyber attackers continue to evolve and find new ways of attacking, there are still current methods that are used to stay safe and these are ones that you should continue to use.

Tip 1: Use Multi-Factor Authentication for Online Transactions

While the various forms of multi-factor authentication can frustrate and confuse users, your organization should use it. It may not seem like it is the best solution, however it is much, much safer than password-only access. For users that may not appreciate the extra step, consider adding a line or verbiage reminding them that it is there for cyber safety purposes and not meant to be a nuisance.

Tip 2: Train Your People to Avoid Phishing Scams

While certainly not new to 2019, phishing scams continue to take a make a huge splash with affecting cyber security. In fact, the volume continues to increase. In general, your employees need to be cautious about giving out financial information over the Internet.

Phishers commonly will email heartbreaking or exciting news which of course is completely NOT TRUE. They will attempt to have the victim send personal information such as social security numbers, usernames, passwords, credit card numbers and more. Train your employees to only send account information or credit card numbers through either a secure website or via the telephone. Don’t transmit sensitive information via public, unsecured WiFi.

Tip 3: Keep the Leaders at Your Organization Involved and Informed

It is likely that in 2019, your organization will need to beef up its budget when it comes to cybersecurity intelligence and analytics. As cyber attackers can cause detrimental harm to how your organization runs its business, it is not an area of the business to skimp on when it comes to making investments. Your leadership must be well-aware of what is necessary to keep your business cyber safe, how much it will cost, and the consequences of not taking such recommended measures.

Plan for Change

For your company to survive, let alone thrive, you need to be able to adapt to change. Your technology and your IT provider must be more than just up-to-date, but also, they must be versatile to prepare and react to change, especially unwelcomed change.

Positive and negative change always happens with technology. As new technology is introduced, so are new problems and threats, such as security breaches, fraud, Acts of God and more.  Furthermore, employees who leave the organization can be a major security issue. It is the IT department’s responsibility to revoke system access including computer, network and data.

Regardlessof the impending issue, you need to prepare ahead of time to mitigate risk. Inshort: this means having a plan in place that can get your business back up andoperating as usual.

>> The data is not comforting: 40 percent of businesses do not reopen after a disaster. 90 percent of businesses that undertake a data center outage greater than a week will go out of business within the year.

A Disaster Recovery Plan

Every small to mid-sized business needs a documented, well-written disaster recovery plan and, certainly, before the disaster occurs.  You will also need to consider your geographical area and if there are natural disasters that may occur in your region that can affect your ability to operate your business. Take note of the warning systems available for these potential occurrences and include that in your plan.

Select a “recovery team.” Assign roles and meet with designated employees to discuss their set of responsibilities in case of a disaster. And make sure these roles updated. Often business continuity plans (BCPs) include the names of people who are no longer at the company.

In any disaster, a plan of communication is crucial. Your company can create a “communication tree.” Be sure to store copies of the tree both in your place of business and outside your place of business – and make sure the relevant teams have access to the parts (and only the parts) they need.  The plan should include more than one communication method. Be sure to include phone calls, emails, texting and even battery operated walkie-talkies.

When creating your company’s disaster recovery communication tree, include vendors as well, like your insurance provider, electrician and a plumber. And, of course, your IT provider. Create a list of customers and media contacts as well.

In case of a disaster or critical threat, the show must go on as they say. Identify critical functions as part of your plan. Look at each team or business function and assign a level of priority, from mission-critical to low. Additionally, determine how much downtime would be appropriate or acceptable for each function. Ask the question: how long can the business operate without each function?

Protect Your Company’s Data in Case of a Disaster

Every business, regardless of size, needs a BDR, or data backup and disaster recovery system. BDR’s not only protect your organization from natural disasters but cyber-attacks as well. In case of a catastrophe, a BDR ensures that data is not wiped out and minimizes downtime. Keeping your company’s data protected is critical for its success.

Once you have proper backup of your systems and data, have your IT team test it from time to time. A few fire drills per year to find potential errors or pitfalls is better uncovered before a disaster happens versus after it has occurred, with no turning back.

As a part of your data, your company should have details on the organization’s equipment. This includes, in addition to a detailed list, photos or a video recording of equipment. In case of a disaster, your company will need to provide records to the insurance to process claims. Photos and video will service well as proof.

2FA or MFA – That is the Question

Keeping your company cybersafe and training your people to follow suit is a bit unnerving for a small to mid-sized business. The good news is that there are ways to simplify portions of cybersecurity that will make a world of difference for your IT folks.

Asking your employees to make long, complicated passwords that “cannot be guessed” is no longer the best way to safeguard your data.

In today’s digital business world, a great defensive method to stay clear of potential cyber threats and cybercrimes is with two-factor authentication and multi-factor authentication.

Two-Factor Authentication

You’ve certainly seen it and encountered it on applications and social media accounts that we all use. Twitter, Facebook and Gmail have begun using two-factor authentication, otherwise known as 2FA. It can also be referenced as a “two-step verification” process.

Think of it like when you call your credit card company and are asked for pieces of information that only you would know, providing evidence that you are, in fact, YOU.

When two-factor authentication is utilized, it requires two forms of identity verification prior to having access to an application. When both factors are verified, the end user has access. For example, you may be sent an SMS code that is valid for a short time and must be entered correctly in order to gain access to an application.

2FA is an added layer of protection for your data and is certainly more secure than just one single factor, such as a complex, long password with numerous unique characters that, despite the user’s best efforts, can easily be stolen or hacked.

With the two-factor authentication, the cyber attacker or imposter would need not only your password, but would also need your second factor as well to gain access to an application on your behalf.

Multi-Factor Authentication

Multi-factor authentication, or MFA, combines what you are, what you know, and what you have. When multi-factor authentication is enabled, the administrator defines a second factor in addition to a password that a user must validate in order to gain access. Multi-factor grants access to your company’s applications through multiple data points.

While MFAs seem great, there are organization that are not adopting this security measure as to not disrupt or irritate their end users or customers. However, this should not be the case. The key is to keep a flexible policy alongside your MFA so that users are not compromised or annoyed while gaining access to your application.

2FA or MFA: Which is Better?

As always, choosing if a 2FA or MFA is better for your company’s security is not a one size fits all answer. To analyze this for your company, keep in mind that there are three possible ways that a user can validate that it is in fact them. They are knowledge, possession, and inherence.

Knowledge is what he or she knows, which would be like asking for a password and requesting answers to security questions.

Possession would be what supplies the person has on them, such as a mobile device, a one-time password or even a YubiKey.

Inherence, on the other hand, is based on a unique characteristic that the user has. This can be items such as voice recognition, a retina scan, or a fingerprint.

Two-factor authentication is just that, it relies on two factors as described above. Multi-factor can be two of the above factors or it can possibly involve all three, even inherence. If you think about it, iPhones use a fingerprint for access – and are increasingly moving towards MFA for financial applications.

Whichever authentication you choose for your company’s application, 2FA or MFA, it is better than asking users for one long, complex password – which can be easily forgotten and, year by year, more easily cracked.

Simply adding one more factor can be your best defense against cyber attackers and cyber criminals.

What an SMB Should Expect from their CIO

Great Chief Information Officers are invaluable resources for any organization. They are also expensive, and for good reason. It’s a high-profile job with a lot of responsibility. They create business value through technology and plan strategically for business growth. They ensure that the company’s technology systems and processes are aligned with business goals.

Some of the other critical items that a CIO is responsible for are security and risk management, customer service platforms, IT architecture, vendor negotiations, supplier management, budgets and more.

According to PC Magazine, small businesses with basic technology can temporarily survive on cloud-based tools and “gumption.” But, there comes a time when someone other than the CEO is needed to oversee long-term IT initiatives.

The key goal in every organization is not just surviving, but thriving. SMBs want to grow the business. A major tool for growing the company is the technology it utilizes. When an SMB does not invest in its technology correctly or sufficiently, it will likely lose customers and market share to competitors. It is the CIO’s job to make sure that doesn’t happen.


The Benefits of a CIO

While the Chief Information Officer has a very demanding job, it is important to have a highly skilled professional handling these responsibilities. With limited C-Level executive oversight, the SMB needs a reliable partner to count on to make  informed decisions. The CIO has a thorough understanding of the needs of the business. This also lends itself to someone who is considered “centralized” across departments and company initiatives.

If your SMB is fragmented and departments do not collaborate, the CIO brings it all together, which in turn, lends itself to a better overall business strategy. A CIO’s strategy reaches across business goals and objectives as a company whole.

Chief Information Officers often have a long-standing history of professional excellence and with a large base salary, and, while they are critical to the success of an SMB, it can weigh heavily on the annual budget, not leaving room for other important items too, like lead generation, talent development/succession planning and sales initiatives.


The Case for a Fractional CIO

There comes a time when all growing companies should invest in a Chief Information Officer – so the leader can focus on their best and brightest use, as well as have an experience IT leader ensuring the organization reaps the rewards of growth-aligned technology.

When a small to mid-sized business is looking to get the benefits of a CIO without breaking the bank, outsourcing a “fractional” CIO (often called “vCIO”) can be a better option and more feasible.

The reasons for this are the same as for a full time CIO…

  • Having a fractional CIO still means that your SMB can expect technology and innovations to align to business objectives and growth plans.
  • A fractional CIO, just like a full time CIO, will build a strategic information technology
  • They will oversee technology initiatives, vendor selection, technology adoption, including any needed internal training.
  • They will oversee security and compliance and partner with risk management for the organization.
  • They will plan for disaster and recovery, helping assess your business continuity plan.
  • They will attend all important business meetings, as well as board meetings.
  • They will also build and test the role of the potential future full-time CIO, once you have the scale to require (and better afford) that position.

… with one exception: You will not incur the risk, time and cost of a full-time hire. An additional benefit of a fractional CIO is that they often come with the technical and process support of the greater organization that provides your company with the service offering.

For many organizations, the fractional option could very well deliver the best return on investment, provide a perfect transitional solution, as well as better define the role as you grow to a place where a full time CIO makes sense financially.

What “Digital Disruption” Means for your Growing Small Business

Digital disruption is affecting every type of company out there, regardless if you’re small, mid-sized or large. Companies must respond quickly to new and improved demands for digital technology. If your company does not act and stay on top of digital transformation trends, then your company will lose valuable business and revenue.  Once a customer is lost to someone who is doing it better, it’s hard to get them back.

First, Some Statistics on Digital Disruption in 2018

Over half of the world’s population is online with 4.1 billion internet users. During the past 12 months, there was one quarter of one billion new users. The average person using the internet reports spending about 6 hours each day online.

The cloud continues to gain momentum. By this year, 60% of enterprise IT will be in the cloud versus off-premises. Also, this year, 90% of the population will have data storage in the cloud that is both free and unlimited.

Good news comes in spades when it comes to companies keeping up with digital disruption. A recent article from Converge Technology + Business says that 65% of businesses feel positive about change. They feel that, in the next 3 years, they can adapt to disruption. What’s even better is that almost half of company’s digital transformation efforts are being led by CEOs or Board Members. Most companies, 2 out of 3 in fact, report to being capable of making the change for digital disruption.

Digital Disruption Offers Many Challenges to SMBs

Small and midsize businesses need to consider multiple departments beyond IT. While the information technology department must be working on efficiency, customer service and other client-facing departments also are a big part of customer experience. The way that your people interact with your customers, organization wide, needs to be efficient, top-notch, seamless and flawless. People are judging your business not only by others in your industry, but by the best-case examples they see any time they open a browser window or click an app.

The biggest challenge for departments to overcome barriers to today’s digital transformation is being on the same page.  Small and midsize businesses may have difficulties integrating with one another. Misaligning objectives and lacking resources create obstacles. To be competitive in today’s digital market, SMBs must finds ways address these challenges.

What’s an SMB to do?

It starts with one word: innovation. Using the same model, “making patches” and “tweaks” no longer works. Technology professionals and small and midsize business leadership must understand what challenges are being faced, both in the present as well as down the road, and find ways to handle it. From application development to new systems, procedures and approaches, recycling old assets won’t win the digital disruption race. Companies must throw out old solutions and create new ones, from the ground up.

They needn’t be wholesale changes, just new ones.  Ones that speed up a process, combine workflows from other applications they use, or remember key information so the customers only have to enter it once, or not repeat it on the phone when they call you. And they needn’t be new to the internet, simply new to your industry.  Efficiency and being nimble is what gives SMB companies an advantage over the enterprise level.

While AI technology may seem like an old topic, with Alexa, Siri, and customer service chatbots being around for some time, it doesn’t mean that it won’t continue to play a big part in the future of digital disruption. There is a lot of power to be seen in artificial intelligence for SMBs, from customer service, to robotics, to analytics and not to mention marketing. AI has the power to surprise and amaze customers. Artificial intelligence can connect and communicate your business with its customers in a way that they may not expect, but will certainly appreciate. From email to content generation, this can be faster, cheaper and smarter automation for your business. When technology professionals are innovating ways for better customer service, make sure to leverage AI.

Further, to conquer digital disruption challenges, once technology professionals create or find new innovative solutions, think API or application program interface. By definition, according to webopedia, API is a set of protocols, routines, and tools for building software applications, specifying how software components should interact.  By making your technologies interface better with the other technologies your customers use, you can increase their satisfaction and the ‘stickiness’ of your solutions.

The ability to connect applications and data – and help your customers interact with you more efficiently – is the difference between surviving and thriving versus being left behind.