IT assessment, planning, execution, monitoring and preventative maintenance LEARN MORE

The Hidden Cost Of Computer Downtime And What To Do About It

It’s nearly impossible for a small business today to survive without the use of technology. How many small businesses are left that don’t at least use email? The catch is that even if only a small amount of technology is used by a business, it becomes dependent on that technology and can’t properly function without it.

The technology must allow users to reliably and efficiently access the systems and data they need to do their job. If it doesn’t, there are significant costs and these costs are often underestimated. If there is an attempt to quantify these costs, it often doesn’t go beyond just multiplying employee downtime by the employee’s hourly wage. Direct employee cost is only a small part of overall cost of downtime.

losing_money

There are numerous indirect or “soft” costs associated with downtime and though difficult to quantify, they can drain massive amounts of profit from a business.

A major indirect cost resulting from downtime is the cost of poor customer service when systems are unavailable or slow.

poor-customer-service

When a customer calls to place an order, or check the status of an order, and can’t because the system is slow or down, what does that cost in customer goodwill? Will they order again? Are they likely to promote your business? What’s the cost of losing that customer? What’s the opportunity cost of that customer not promoting your business?  What damage results from them actually badmouthing it?

whistpering-290x300

Another indirect cost relates to employee morale. When employees can’t effectively perform their duties because the system or their workstation is slow or down, not only is there lost productivity, but there’s frustration.

cartoon-guy-waiting-for-computer-hour-glass-3-sequential

Frustration can affect employee morale and employees can feel management doesn’t provide them the tools they need to succeed or that management in general, doesn’t care about them. Low employee moral can lead to a poor work ethic and employee turnover, both of which can represent huge costs.

So, because of a small businesses’ high dependence on technology, downtime costs are high when that technology is unavailable or inefficient.  The trick becomes minimizing downtime. The traditional “Break-fix” approach to IT management, where nothing is done until something “breaks” is largely responsible for excessive downtime. There is an increasingly popular realization that the Break-fix model is ultimately more costly to the organization than a proactive model. Break-fix is more costly, because it results in an under-performing, unsecure IT infrastructure and therefore MORE DOWNTIME! A key element to the proactive approach is “Remote Monitoring and Management” or “RMM.”

monitoring-image-1

RMM services watch over computers and networks 24/7 and identify conditions requiring attention. This allows for identifying issues before users are affected to minimize downtime. Additionally, if systems do need to be taken offline for repair, the work can be done non-intrusively, off hours to minimize business disruption.  Here are some of the things that can be monitored …

  1. Computer hard drive space (did you know that when a hard drive reaches 80% capacity, it starts to slow down)
  2. Computer hard drive performance
  3. Computer hard drive health (is the hard drive badly fragmented, developing bad sectors or about to fail?)
  4. Computer processor performance
  5. Computer memory performance
  6. Operating system stability – are all the latest patches applied?
  7. Power usage and battery backup charge
  8. Temperature monitoring – are hardware components ready to fail or does the cooling fan need to be replaced?
  9. Network speed
  10. Anti-virus status – are file definitions up to date and is the anti-virus software running?
  11. Security – do operating systems have the most current security updates and is the firewall preventing un-authorized access?
  12. Backup status – is the backup software running?

Remote maint & security

When left un-monitored, all these things can result in significant downtime. Poor security for example can cause systems or data to become unavailable when a cyberattack occurs. Significant downtime can be incurred waiting for systems to be restored or cleaned of a virus.

bored-woman-at-keyboard

Sometimes poor security can result in more than just downtime costs. For example, if internal or customer information is stolen or compromised, there’s potential law suites, increased insurance premiums and more lost goodwill with customers, prospects and possibly employees. You don’t have to look outside the Philadelphia area to see an example of this. In March 2016, Main Line Health Systems had personal information of more than 10,000 employees and 2,000 physicians stolen in a data breach. This not only affected the public image of the health system, …

Reputation Management

… but also resulted in costs associated with having to provide support services for employees, including credit monitoring and a call center.

 

Another way Remote Monitoring and Management reduces downtime, is by allowing for instant, secure, remote control.

remote-control

This instant control and access to equipment, its configuration and history allows for rapidly analyzing systems and resolving problems, for example, it allows for quickly servicing password reset requests and common lockout issues. RMM in general reduces on-site visits and ultimately save times and money.

With RMM, businesses can avoid the burden of IT management and focus on their core business activities, while professionals make sure systems are working properly. RMM results in lower overall IT cost and costs are incurred at a predictable monthly or other periodic rate.

There are many reasons systems can go down or access can be slow or lost, but if someone isn’t watching over them, these interruptions to business productivity can’t be stopped before they happen. Remote Monitoring and Management is a critical component to reducing downtime and saves big money in the areas of customer service/retention, employee productivity/morale/turnover, third party liability and business reputation.

Ten Ways to Protect Your Important Business Data

 

 

cyber-crime

Cyber Crime’s Rapid Growth

Did you know that cyber crime costs are projected to grow to $2 Trillion in 2019?1  That is almost four times the estimated costs of breaches in 2015. According to a new report by Hewlett Packard and the U.S-based Ponemon, hackers cost the average U.S. business $15.4 million per year2.

While large corporations have sizable IT departments, budgets and resources available, recent attacks on Target and other corporations show that they are still very vulnerable.  Because they have limited resources, including less IT support, small to mid-size businesses are especially exposed to attacks and cyber criminals know this.  These businesses often do not put formal security procedures and policies in place and do not properly train their employees on security issues. They are ripe for attack.

For more information about the business of cyber crime, please view the following video:

 

Cyber Crime Types

 

Cyber crime can include viruses, malware, hacking of websites or networks, phishing & social engineering, Botnets, Denial of services attacks (DoS), stolen devices and malicious insiders.  As the most common type of attack, viruses, spyware and malware may be unknowingly downloaded when an employee opens an attachment from a malicious email or visits websites with embedded viruses or malware while at work. They can cause computers to slow down and become unstable, track user keystrokes or can sometimes spread through the company’s network scrambling any data they run into.

Phishing is becoming an increasingly common way to gain access to important business and personal information.  Typically, it happens in a business when an employee receives an email which appears to be from a higher up and asks for employee or customer information.  Thinking it is a legitimate email, the employee replies with the requested information.

Phishing Example:

 

paypal_phish_example

Cyber Attacks Could Never Hit My Business

 

Some business owners don’t think that they could ever become victims of a cyber attack.  They say the chances are very slim.  Are they really?

Of the 252 businesses surveyed by the HP and Ponemon report, 99% reported being hit by virus and malware attacks, 62% were affected by phishing schemes, 45% had stolen devices and 35% experienced attacks by malicious insiders3.

You don’t have to look far in the Philadelphia area to find recent attacks.  In March 2016, an HR representative sent the personal information of about 11,000 Main Line Health System employees to a cyber criminal4.  This representative replied to a phishing email which appeared to be from a manager.

The point is that any individual and small to mid-sized business is vulnerable to intrusion by cyber criminals.  Therefore, it is extremely important to take steps to reduce this exposure and limit the damage, which could result from an attack.  Below, we will outline some of the basic steps business and personal users can take to protect themselves and their critical data.

Ten Ways to Protect Your Critical Business Data

 

Conduct a Security Audit

 

network_security1

Before your company can put certain security policies and procedures in place, it needs to assess the current state of its IT infrastructure.  An IT services company or professional will conduct a security audit where they will look at your network setup and configuration.  They will also closely examine all of the devices and software your company uses.  Finally, they will examine your website.

The main focus will be on the vulnerabilities which exist and eliminating those.  Could someone easily hack the wireless network?  Is there any firewall to prevent malicious traffic from entering or leaving the business’s network?  What email service is the business using?  Is it secure?

One of the most important parts of the audit is identify the company’s critical data and where it resides.  Knowing this information, you can design policies and procedures meant to protect and backup up this vital information.

Set and Communicate Company Security Procedures and Policies

 

While this may seem obvious to do, a lot of small to mid-sized companies do not have formal IT policies and procedures in place.  Even if they do, they may not have communicated these clearly to their employees.

These should be clearly defined and as detailed as possible.  Should every company computer lock up and require a password to log in after 30, 60 or 90 seconds?  Who should have access to which data?  What happens if an employee leaves or is fired?

Mobile devices, like smart phones and tablets, have added to the complexity of designing a plan.  There need to be specific rules related to what information employees can access using theses devices.  There also need to be plans as to what will be done if an employee’s laptop, phone or tablet is stolen or hacked away from the office.  Some companies require that their employees’ smart phones are set up so that they can be remotely wiped, in case they are stolen.

Install a Hardware Firewall

 

firewall-networkA hardware firewall is the first line of defense for a company’s network.  It will protect a company from suspicious traffic entering and leaving the company’s internal network.  It can also limit content and websites employees can access, which will prevent malware and viruses loading onto computers.  A firewall should have an active anti-virus subscription to screen any files or traffic entering.  For specific brands, Nucleus recommends Sonicwall or Cisco firewalls.

Separate Guest and Company Wireless Networks

 

Some businesses let visitors connect to their wireless network by giving them the network key.  This is an invitation for disaster.  Once someone gets this information, they can easily access important company information.

Businesses should set up a guest wireless network which is completely separate from their own wireless network.  Also, they should avoid using a Comcast or Verizon provided router.  These routers lack the security and configuration features of enterprise grade routers.  Also, they tend to transmit a weaker wireless signal which travels less distance.

Use Strong Passwords on Every Device

 

This may seem very obvious, but unfortunately when given complete freedom to set up their own passwords, employees often choose ones which are very easy to hack.  All you have to do is look at the 2015 top login passwords to see this.  “123456,” “password,” and “12345678” were the top three5.  It doesn’t take much imagination to guess these.

In general, passwords should be at least eight characters in length and require a capital letter, number and symbol to be secure.  Employees should not use the same password across all accounts.  If a hacker figures out an employee’s email password, then he or she will be able to get into all of the employee’s banking, file sharing and social media accounts.  Think of the damage that can be done!

Regularly Update Your Operating Systems and Software

 

Windows7Update_UpToDate

This seems like a simple practice, but many businesses fail to pay attention to updates.  Recently, we saw a server which had not installed any Windows or software updates for over a year and a half.  When you are in the middle of work, it is annoying to see a pop up asking you to do an update and restart the computer.  They always seem to come up at the worst time.   It is understandable that you might ignore or close out these popups to continue working.

It is very important to do Windows and software updates, because they will help your system to be protected from malware and virus exploits.  Operating Systems and software, that have not been updated leave a door open for these exploits.  At the very minimum, you should install Windows, Adobe and Java updates on a regular basis.

Install a Reputable Anti-virus on Every Device

 

While a hardware firewall provides an outer barrier for your company’s network, an anti-virus on a PC will provide a second layer of protection in case something was able to penetrate.  An anti-virus can prevent employees from downloading or running malicious files.  While many people think that their Macs and smart phones will not get viruses, the truth is that they can be infected.

Recently, Nucleus has seen more Macs getting infected.  As the number of smart phones in the world increases rapidly, cyber criminals are looking to infect and hack them.  Therefore, it would be smart for businesses to have antivirus installed on all smart phones and Apple devices.

Limit Remote Access to a Virtual Private Network (VPN)

 

Employees are increasingly working from home or remote locations and need access to important company information.  Smart businesses limit the amount of company data employees’ have on their devices, including smart phones and they centralize their data. If employees need to access company information, they should do it through a Virtual Private Network (VPN).  This is the most secure way to create a remote connection.

Encrypt Data and Emails

 

security-and-computer

Encryption adds another layer of protection to a company’s data.  It makes it nearly impossible for cyber criminals to access information.  If an encrypted laptop were to be stolen, it would be worthless to a criminal, except as a large paper weight.  Encrypted emails are transmitted in a way that the cyber criminal has no way to decipher the message.  There are many solid encryption software products, like VeraCrypt, DiskCryptor, Folderlock and Kryptos 2.

Backup and Disaster Recovery

 

While it is important to take steps to prevent any cyber attack from happening, it is impossible to protect your business 100%.  New and more complex malware and viruses are created each day.  For this reason, it is important to have a disaster recovery plan and data backup in place in case a cyber attack happens.

Your disaster recovery plan is the overarching plan which outlines how your business will respond when hit by a number of disastrous events.  These include fires, floods, hurricanes, power outages, terror attacks, virus and malware infections, hackings and harmful employee acts.   In the case your business location(s) is(are) completely destroyed or unusable, you want to have an alternative offsite location to conduct business.  You want to designate who will communicate with everyone in the business about the next steps and which employees will be expected to show up at the alternative location.

Your data backup is a critical part of the disaster recovery plan.  We have been able to save several clients by restoring backups when their systems have been encrypted by the Cryptolocker virus and other “ransomware.”   Typically, we recommend both onsite and offsite backups.  Your backup should be frequent and automatic, so it is not dependent on anyone remembering to do it.

Final Thoughts

 

Today, cyber crime attacks are happening more frequently and causing more damage to individuals and businesses every day.  Because of a lack of resources, small to mid-sized companies are especially susceptible.  Owners and employees have only a limited amount of time to dedicate to IT security issues before their daily focus is pulled away from operations.

Cyber crime’s growing threat makes it increasingly important that businesses better protect themselves.  In order to give businesses a starting point, this blog post has covered some of the basic protective steps every owner, manager and employee should take.  After these steps, there is much more that can be done.  Our future posts will touch on these next steps.

Stay tuned!

References:

 

1 Juniper Research “Cybercrime will Cost Businesses over $2 Trillion by 2019:  Link to Article
2 Ponemon Institute “2015 Cost of Cyber Crime Study”: Link to Download the Study
3 Ponemon Institute “2015 Cost of Cyber Crime Study”: Link to Download the Study
4 ABC 6 News “Main Line Health Employees’ Information Compromised in Email Scam”: Link to Article
5 Gizmodo.com “The 25 Most Popular Passwords of 2015”: Link to Article