Category archive

Technology

Five Essential Lessons to be Learned When It Goes Very, Very Wrong

in Columns/Technology
Joe Balsarotti

By JOE BALSAROTTI

As I write this column, my staff is in the fourth week of a nightmare scenario for a technology provider. One of our long-time vendors, who provided email and web hosting services, gave 30-day notice that the company was closing down. This followed a series of incidents in short succession of one client’s email being hacked, his tech making a grave error in an attempt to recover data and as a result, the destruction of a number of other clients’ data.

Luckily all but one client did get their data back, but significant downtime resulted for these businesses. Many of those affected by the shuttering of the vendor are our clients, but a number of them were not. Nevertheless, we offered to assist anyone who wanted help during the transition.

Through our industry associations, I’ve always kept a list of trusted colleagues who provide products and services that are complementary to ours. I’ve also kept a list of trusted colleagues who could act as a backup if we needed help. That planning paid off. We were able to work with a company who provided similar services and had the resources to be able to onboard those who were stranded in the digital sea before the looming deadline.

The process of switching all these companies over has been daunting. Each client’s setup is a little different. Some just use email, others depend upon their websites and many utilize both. This was about as close to a nightmare scenario as one can get, except that there was at least a month’s notice.

Working through all of this brought to light many important points.

First off, as we’ve covered before, do you own your data? A handful of the clients had their website created by that vendor and were never given access to it, nor were they given a copy of their data. Unfortunately, that means they will have to pay to have a new website designed for them. It’s not something they were expecting or budgeting for. And until the new site is completed, they don’t have a presence on the web.

Secondly, moving email providers is about the most labor-intensive project one can have. Someone has to touch not only every computer, but also every email and user account on each computer. Local data needs to be backed up, changes made, connections tested and data restored. With the volume of email some users keep, this can be a two- to three-hour process just for one account. Now multiply that by about 800 and you comprehend the scope of the task belonging not only to my team, but to the new datacenter and its staff as well.

We did our best to prioritize those who needed 24/7 access to their email, those who could do with checking through webmail during a transition and a select few who welcomed a day or two of digital peace and quiet.

“Always in motion, this project is,” paraphrasing Yoda. Like any major project your business takes on, making sure you’ve accounted for how much time is spent on each client is essential. With so many separate clients and each user needing attention, it’s easy to lose track as techs get sucked into a rabbit hole resolving one problem or another. Organization is key. Even if it starts to fail under the stress, at least there is a framework to keep the project moving forward.

The third point that reared its ugly head was documentation, or the complete lack of it at many clients. The vendor dealt with these clients directly. And although we often acted as a consultant or even a translator between them, we were not privy to the transactions between them. Many clients were sent scrambling to find account numbers, passwords and to track down who controlled (or even owned) domain names. Getting in contact with the website designers was nearly impossible, as many sites were old and their designers had long since moved on.

The fourth point brought to light was the lack of attention to websites. With only a handful of exceptions, all these clients’ sites were running drastically out-of-date software, security was nonexistent and the web designers who (as we’ve discussed in this column before) should have been doing ongoing maintenance on the sites, never even bothered to discuss it with the clients, let alone sell them on it. One of the affected sites was infected with a virus. As such, we could not download the client’s data because our security systems prevented it, as they should have. If we would have had another month to go through the process, we would have been able to save it, but the cost of cleaning and updating data just to be able to transfer it probably exceeds what designing from scratch would cost.

Lastly, misplaced trust in the cloud was amazing to me. As many times as we preach to clients that they must make backups, the number of businesses who made the faulty assumption that the vendor would have everything available forever – and they didn’t have to take any precautions themselves – was astonishing. The initial problem this vendor had was exasperated by a technician’s error, which then revealed that their assurances of data security were not as they had been portrayed.

The moral of this story – which continues to play out – is that with organization and a little planning, your business can survive a major disruption such as losing a key vendor. There will be a price to pay, however. Lost productivity, unforeseen costs and the potential of lost business are givens. How impactful this can be to your business comes down to how much time and effort you’ve put into being prepared.

Joe Balsarotti is president of Software To Go and is a 38-year veteran of the computer industry, reaching back to the days of the Apple II. He served three terms as chairman of the National Federation of Independent Business’ Missouri Leadership Council, as chairman of the Clayton, Missouri Merchant Association for a dozen years, chaired Region VII of the Federal Small Business Regulatory Fairness Board and currently serves on the Dealer Advisory Panel of the ASCII Group, an organization of nearly 1,200 independent computer and technology solution providers in North America. He can be reached at joe.balsarotti@software-to-go.com.

Contractors Rely on Mobile Device Management to Protect Client Data, Control Usage

in Columns/Technology

By KERRY SMITH, Editor, St. Louis Construction News & Review Magazine

As the amount of sensitive project data transmitted from construction sites is increasing exponentially, so is the need to remotely manage and protect that information.

Mobile device management or MDM has been in existence for years. Security software that is capable of monitoring, managing and securing employees’ mobile devices – namely their smartphones – is and has been a reality within a myriad of industries. But for the design and construction industry in particular, tracking who is transmitting what from where to whom in real time is critical.

“If you have mobile device management capability, it means that the owner of the device – the construction company in this scenario – has full access to its intellectual assets,” said Brad Hagemeyer, a technician with St. Charles-based eTech Solutions. “It puts you, the owner of the smartphone, in control with regard to what information is being shared and with whom. If necessary, at a moment’s notice you’re able to wipe sensitive data from the phone, selectively delete information from it, remove contacts or even render the device inoperable,” he added. “And all this can be done remotely in very little time.”

Hagemeyer says that Apple keeps device owners and operators at arm’s length when it comes to accessing and controlling data. “That being said, however, Apple does allow remote managing of the device in terms of usage,” he said. “And with an Android device, you’re able to tap into an unlimited range of mobile device management applications.”

For construction companies whose mobile devices are held by project executives, project managers, estimators and many others, MDM is a necessity in order to protect the privacy of client data. And in a human resources context, MDM enables a firm to ensure that the devices are being used only for what the company intends, according to Teresa Whitcomb, chief financial officer at St. Peters-based Blanton Construction.

“Our customer security is very important to us,” Whitcomb said. “Although the construction industry in particular has a more transient workforce, we still need to enable that communication and also to monitor usage. MDM allows us to restrict mobile device usage from sites that are not work-related, to monitor and control bandwidth usage and to be able to lock down and secure data in the unfortunate case where we do have a termination. Keeping company assets – smartphones and tablets – secure is essential, especially in our industry where so much of the information sharing that we do takes place at the job site.”

In the event that a device is unintentionally lost, stolen or damaged, MDM allows for near-immediate lockdown of the device, according to Hagemeyer. “MDM also makes it possible for contractors to monitor the location where the mobile device is being utilized,” he said. “For example, with MDM a company can track whether a particular worker is transmitting data from where he is supposed to be at any given time and within geographic parameters. Mobile geofencing is the use of GPS or RFID (radio-frequency identification) technology to create a virtual geographic boundary, enabling software to trigger a response whenever a mobile device enters or leaves a particular area. If the worker assigned to the device is supposed to be at a particular job site from 7am to 3pm but leaves the job site at 2pm, by tracking the device’s most recent IP address, the geolocator can send a message to the manager that his worker has left the job site.”

Hagemeyer and Whitcomb said there’s often a misconception with regard to mobile device management that its purpose is to act as “big brother” with regard to surveillance of the nature of the data being transmitted. “That’s really not what MDM is all about,” said Hagemeyer. “As a third-party monitoring agency, we cannot see the actual data and we don’t want to see it. Unlike computer systems, our monitoring software does not remote in and see screen shares of information. What we monitor for construction companies and other clients depends upon the degree of control they want to have over the devices they own, devices that are a company’s intellectual assets. A big facet of what we do for contractors is to control the use of their devices for activities that are directly relevant to their employees’ work. If that device is also being used to stream YouTube videos, Netflix or anything like that which really racks up data usage, we have the capability of knowing about it instantly and restricting the device,” he added.

Monitoring and controlling a contractor’s entire fleet of mobile devices can translate into significant telecommunications cost savings in the short term and long term, Hagemeyer says. “If the company is paying $3,700 a month, for example, for usage of its mobile devices, initiating MDM and taking control of those company-owned assets can immediately spell significant savings,” he said. “In this scenario, we were able to reduce the firm’s telecom bill by approximately $2,000 or 54 percent.”

Whitcomb says employing MDM is a wise human resource strategy for any company, particularly one whose daily scope of work includes large amounts of sensitive data being transmitted remotely from and to job sites.

“Working with eTech Solutions and using (Cisco) Meraki software has enabled us to restrict our band width usage to what is necessary for performing work-related functions,” she said. “It has also enabled us to restrict mobile device usage from sites that are not work related. All of us have done it…we’ve unintentionally left our smartphone somewhere. There is sensitive data and contacts on these phones that we wouldn’t want out in the public. MDM gives us the ability to be able to lock down that phone anywhere at any time instantly if necessary.”

Fueled by E-Commerce Fulfillment, Industrial Bulk Distribution Development Momentum Continues

in News/Technology

By Kerry Smith, Editor – St. Louis Construction News & Review Magazine

Speculative industrial warehouse and distribution construction remains alive and well across the St. Louis MSA, as evidenced by new construction activity and high-tech robotics upgrades.

Kadean Construction of Fenton is building “Building 5,” a 769,000-square-foot speculative building in Lakeview Commerce Center, Panattoni Development’s 750-acre bulk distribution park in Edwardsville. Kadean Construction President Mike Eveler said the construction project, which includes 80 loading docks with clearing heights of 36 feet, is the mirror image of a twin warehouse that his firm completed in 2017 within Lakeview. Eveler anticipates construction of Building 5 to wrap up by September.

“This is the second building we’ve built recently at Lakeview Commerce Center,” he said. “In addition to constructing Building 5, we built its sister building, Building 4, which is occupied entirely by Amazon.”

Although Building 4 was completed in 2017, Kadean is already performing major technology upgrades for client Amazon as the e-commerce giant embraces the very latest advances in fulfillment/distribution technology.

“In 2017 they (Amazon) invested approximately $23 million worth of tenant improvement work (in Building 4) as well as heavy and electrical distribution,” said Eveler. “Much of this investment was related to robotics within the facility that hold the product and move it around.”

As innovations in e-commerce order fulfillment occur at a pace that’s nearly as swift as that of e-commerce product delivery itself, serving forward-thinking industrial clients like Amazon is also a dynamic process, according to Eveler. “About six weeks ago, Amazon contacted us to request additional work specific to fulfillment robotics,” he said. “We’re already tearing out some of what we built (internally) for them in 2017 to help them upgrade with the latest technology. Upgrades and modifications in their robotics system alone represent about $1 million worth of work,” he added.

The scope of work Kadean is performing includes upgrades of the Amazon Robotics (AR) field, a type of invisible electronic track network upon which automated guided vehicles travel. The robots travel over the AR field picking up an entire upright shelving unit known as an inventory pod, bringing it to a technician at a fulfillment and packaging station and later returning it to its designated storage area. Kadean’s work includes removing the existing AR field and picking stations as well as installing new power and data requirements for the new field and picking stations, and related electrical work to accommodate Amazon’s automated storage and retrieval system.

Kadean works in tandem with Panattoni Development in other industrial parks across the St. Louis MSA such as Aviator Business Park in Hazelwood – the 155-acre park on the site of the former Ford Motor Co. plant at Lindbergh and Interstate 270.

Mark Branstetter, partner at Panattoni, said his firm has developed approximately 1.7 million square feet in Aviator and has equally that much ground available for future development.

“We are about halfway through developing Aviator,” Branstetter said. “It’s interesting…although Lakeview and Aviator are relatively proximate – some 15 miles from each other – their respective user groups are markedly different. Lakeview in Edwardsville attracts the larger, regional distribution centers, whereas Aviator in Hazelwood attracts more local infill.”

Although e-commerce is a prominent driver of bulk warehouse and fulfillment development nationally and regionally, Branstetter said e-commerce isn’t the only factor propelling the construction of these types of buildings.

“A big topic that receives attention is indeed e-commerce,” he said. “It’s certainly a big trend, but it’s not the sum total of what’s driving development in this industry sector. E-commerce is actually a very late trend, just in the last decade or so. Companies are trying to optimize their supply chain, be it location or size orientation. But once they’ve optimized their locations across the country, firms are then working to optimize the inner workings of their processes, again with the consumer at the forefront.”

According to the results of an annual industry outlook survey published in January by Modern Distribution Management, Amazon sold seven billion items last year, serving 70 percent of U.S. households.

All For One Monthly Payment: Beware of the All-You-Can-Eat Buffet of Managed IT Services

in Technology
Joe Balsarotti

A business called me last month, unhappy with their present information technology provider. The why of it isn’t important. What is important is that the business is contemplating a switch – its second such change in three years.

The present tech company signed them up for a “managed service” plan. We’ve discussed that buzzword before; it’s a laundry list of tech bundled together for a monthly fee. In many cases, it’s really a list of things that probably shouldn’t be bundled together. Security software, firewall, backup equipment and cloud storage tossed in with equipment maintenance, software updates and help desk services all in a neat bundle, tied up with a bow and “all for the low monthly price of $$.” It may be a great deal for the vendor, but absolutely not for this client…and probably not for you, either.

As we looked into the business’ setup we found that it doesn’t own its backup appliance and it doesn’t have control of its cloud-based backup data. The business also assumed its firewall was up-to-date. Not so; the vendor had only enabled the basics, not the data-filtering options available on the device that required a subscription to enable. It is relevant to note that even though the customer had been hacked a couple of months ago, it had not engaged the advanced firewall features. Even the endpoint software (formerly known as antivirus software) is billed monthly and the license isn’t in the customer’s name. In other words, the customer’s livelihood is dependent upon rented products and services from its current IT company.

How can a customer disengage from a vendor who isn’t to its liking? Unfortunately, the business customer has to throw money at the problem – unfortunately a lot of money in this case. In order not to get stuck like this again, the business will need to buy endpoint licenses a second time. The initial buy is more expensive than a renewal, but this vendor advised the business customer to cancel its existing licenses, assuring the client that the vendor would simply bundle in the cost with the client’s contract. This probably made for an easy initial sale, but like that old FRAM oil filer ad, “You can pay me now, or pay me later.” In this scenario, the later is a much bigger bill when the customer’s honeymoon with its tech vendor is over.

Because of the bundling, the customer had no idea that its firewall wasn’t being used to its capacity, nor did the client know how involved getting its backup data moved to a device it owns and a service it had control over would be. All of these issues are solvable, but it results in a sizable up-front cost. This story illustrates that the customer’s hands-off approach to the IT firm left it vulnerable because everything moved behind the scenes. Without those pesky old, internal discussions about replacing aged equipment or buying new versions of this or that, as the customer write a monthly check to the tech vendor thinking it was covered, the customer lost touch with the infrastructure its business depends upon.

All in all, we calculated more than $4,000 for this twenty-something-member company, just to undo the mess created by the “all for a low monthly fee” shtick. Beyond that lies the cost to audit the client’s IT network to see what other problems may exist with software licensing, security or network setup and to document and onboard these issues. If the business customer hadn’t been sold on the monthly contract, it would have been in a far better position when it chose to switch tech providers because the software licenses, services and equipment would have been in the customer’s name and it would have possessed keener insight as to what it was paying for.

I understand that managed service is all the rage in the IT world. At conference after conference, managed service is unabashedly sold as how to make money for not doing much. In theory, the vendor automates everything; once an IT vendor creates the defined set of services for its first customer, the pattern is copied for all the rest. If your business is basic, managed services may be a good fit as it does offer predictable costs and basic technology needs are well met. Unfortunately, it can also mean that customers with unique needs, custom software or equipment – or for whom time is more valuable than for an average business – aren’t going to get the level of response they require since those businesses don’t fit the cookie cutter approach.

The nightmare begins when the customer discovers that its vendor is not a good fit, or worse, doesn’t fulfill its obligations. What happens if the IT company goes out of business or is bought by an out-of-town firm and local support evaporates? Is easy budgeting for technical services more important than getting the best product or service for your company’s particular needs? Or, do you need to retain the keys to your own kingdom?

Is your business prepared to pay significant money to move on if something goes badly? Be wary of the all-you-can-eat buffet of managed IT services. Know what elements your business has control over and what you don’t. Know the costs involved beyond the monthly fee and how much a breakup could set your business back.

I welcome your questions or comments at businesstech@software-to-go.com.

Joe Balsarotti is President of Software To Go and is a 37-year veteran of the computer industry, reaching back to the days of the Apple II. Balsarotti served three terms as chairman of the National Federation of Independent Business’ (NFIB) Missouri Leadership Council, as chairman of the Clayton, Missouri Merchant Association for a dozen years, chaired Region VII of the Federal Small Business Regulatory Fairness Board and currently serves on the Advisory Panel of the ASCII Group, an organization of more than 1,000

What’s All This Talk About Encryption?

in Columns/Technology
Joe Balsarotti

By Joe Balsarotti

What does the Apple­–FBI fight and the ransom paid by a Hollywood area hospital have in common? Encryption.

The data stored on the Syed Farook’s iPhone and the data at Hollywood Presbyterian Medical Center are both encrypted, the former by design and the latter by malicious hackers.

The lure of privacy and keeping prying eyes away makes encryption a tempting solution, even if no encryption scheme has ever been foolproof. The federal government, through the HIPAA (the Health Insurance Portability and Accountability Act), even wants most patient data encrypted, and yet the FBI wants to break the encryption on mass-murderer Farook’s iPhone.

Encryption is a two-edged sword. It can be used to protect a company’s information, but it can also block a company from getting its own information. When a hard drive fails due to a hardware problem, encrypted information is rarely recoverable. If backups fail, there could be irreparable damage to a business because of the loss. Or, the hardware could be fine, but a disgruntled employee can use readily available tools to encrypt a business’s data and leave the company high and dry.

International organized crime has found encryption to be a very lucrative tool, hence the rise of Cryptolocker and like viruses and malware. “Pay us and you get your data back”; don’t pay and you or your business are at the mercy of having backups with enough versions to extend past when the infection first hit your systems. Of course, that assumes your business *has* backups which have been tested and verified.

Without getting to far into the weeds of the Apple vs. FBI saga, suffice it to say that battle isn’t over encryption, it’s over the iPhone’s setting to destroy it’s data if ten incorrect passcodes are entered. Since today’s computers can easily crack any passcode within a couple of days by trying every combination, the illusion of security in Apple products lie in the balance. Give the FBI a way around the self-destruct and the Apple products are no more secure than anything was before the digital age.

Now, back to the encryption conundrum. Until the digital age, nothing was truly private. Any safe or vault could be picked and any code could be broken, eventually. In the digital age, encryption has become both a blessing and a curse, but there’s no denying that it enables a level of privacy that didn’t even exist  fifty years ago. Those who’ve only lived in the digital age take this privacy as a given and don’t want to see it’s power eroded. Those who remember ‘loose lips sink ships’ know that no information was truly safe in the past, and breaking the other side’s code often meant the difference between life and death.

For a company, encrypting data on mobile devices such as notebooks, tablets, and phones is a prudent move as those devices are easily lost or stolen. However, your data should never be only on such devices. Mobile devices should either have to connect to access the data, via a VPN (Virtual private network), remote access tools like Teamviewer, LogMeIn, or Remote Desktop, or to one of the secure cloud based services. In other words, either store the data stored elsewhere, but have it accessible to your mobile device, or encrypt the mobile copy.

Once important data is encrypted, the key to that data is invaluable. If you as a business owner, encrypt your company data and something happens to you, who on your staff also has the key? If you get hit by the proverberial bus, and no one has the decryption key, how does the business survive without the data you deemed important enough to encrypt in the first place? Restoring a backup won’t help as those backup files would be encrypted and also require the key to be readable. In your personal life, does you family have the keys and passcodes to get into your digital files if you’re incapacitated or no longer around?

Everyone can agree that you should have multiple levels of backups for your business. Whether to encrypt some, all or none of  your company or personal data is a much harder question.

If you’re interested in the specifics of the incidents I mentioned, here are the links:

http://www.latimes.com/business/technology/la-me-ln-hollywood-hospital-bitcoin-20160217-story.html

http://mashable.com/2016/02/25/apple-vs-fbi-stakes/#3e3nDPE1hsqd

I welcome your questions or comments at businesstech@software-to-go.com

Joe Balsarotti is president of Software To Go and is a 36-year veteran of the computer industry. He served three terms as chairman of the National Federation of Independent Business’ (NFIB) Missouri Leadership Council, served as chairman of the Clayton, Missouri Merchant Association for a dozen years, and chaired Region VII of the Federal Small Business Regulatory Fairness Board. He currently serves on the Dealer Advisory Panel of the ASCII Group, an organization of over 1000 independent computer and technology solution providers in North America.

Do You Have A Plan to Refresh Your Technology?

in Technology
Joe Balsarotti
Joe Balsarotti

It’s hard to believe any business nowadays not being computerized. After all, without a website or at least email, it would be invisible to the vast majority of the public. Even businesses that get their customers solely from referrals have to be able to communicate in a way that customers and prospects prefer.

Those of us old enough remember the switch to computers. It usually started with an accounting system, maybe BPI, Great Plains, Timberline or Accpac. The time spent on finance and accounting went down significantly as adding machine and ledger paper were replaced. Then came word processing and the days of carbon paper were gone. CAD/CAM drastically reduced time to design and reduced errors. Local area networks started becoming commonplace in even small offices and everyone had access to the data without having to wait for someone to get done with ‘the file.’

Back in the very late ‘70s to the early ‘90s, it was easy to justify the expense of computer technology. The benefits went almost immediately to the bottom line, expanding abilities and reducing labor costs. ‘Selling’ management or the owners on buying equipment and software was an easy task. Technology planning meant calling a rep, getting a quote and saying yea or  nay, then starting the whole process again from scratch five to seven years later.

Some years ago, I had the opportunity to meet Dan Bricklin at an industry conference. You’ve probably never heard of him, but you certainly know the results of his invention, Visicalc. Yes, imagine a world before spreadsheets. The digital marriage of a sheet of ledger paper and a calculator was the brainchild of Mr. Bricklin. During his presentation, he was asked one of the best business questions I’ve ever heard at a tech event (tech events tend to be very techie rather than bottom-line oriented) “How did you arrive at a price of $499 for Visicalc?” He replied that those were the days of timeshare computing and that an hour of computer time was expensive. So, he calculated the average three-month cost for timeshare services then worked backwards, subtracting the cost of an Apple II computer, monitor, disk drive and printer. The result was a difference of about five hundred bucks, so $499 became Visicalc’s price.

Bricklin wanted the selling of Visicalc (and everything necessary to use it) to be a no-brainer. Why, after all, would any company want to pay to rent computer time when in just three months they could have their own system free and clear?

Nowadays it seems the benefits of newer technology are much harder to calculate. How much productivity does your business really gain if an older machine takes two more minutes to start up in the morning than a new one would, or printing takes an extra minute? Realistically, is your staff ready at the first minute of the workday or are they getting coffee, arranging their desk or hanging up their coat anyway?

The gains of new technology for businesses seem to have hit an inflection point. Now, it isn’t how much more you’ll gain as much as how much your business could lose by not keeping current. All those columns I’ve written about security, backup, and data loss might be coming to mind for you right now (at least I hope so). Downtime is an expense and a costly one. What price do you pay if a machine goes down and leaves an employee unproductive for a day? What if that machine is your server? Hard drives have finite life spans, so do cooling fans. They will eventually fail and that means your staff can’t get work done. Parts availability might become a problem with older systems. Even if the parts are available, how long to get them, have the repair completed, and the data restored? Time is money, after all. What’s your plan to deal with a failure?

Security also is a concern on older systems, as is compatibility with newer systems within your organization or those of your vendors, clients, and prospects. It’s hard to calculate the damage if your proposal looks like gibberish or is formatted wrong, because you were running a five-year-old version of Word or Acrobat, but it’s easy to calculate the loss if you miss a deadline because of system failure.

Businesses should have a written plan for a technology refresh. Some businesses can get by with a once-a-five-year refresh if their systems and internal procedures are very solid and scripted. Others, especially ones with more creative aspects such as design and architecture, need to replace machines along with each new version of their primary design software as each version adds new features and therefore requires more power from the hardware.

Even Internet access requires technology refreshes. How many of you have the same firewall from an old DSL connection running a newer cable or fiber line? If so, you are getting half of the speed you’re paying for because the firewall can’t scan the data at the speed of your line. Security improvements aside, a five year old firewall is a dinosaur and if not costing you money, is keeping you from getting what you’re paying for each month.

So, work with your tech provider, develop a plan and stick to it. If your technology people aren’t proactively working with you already in this regard, it’s probably time to find a new provider who can be a true partner for your business. A tech refresh plan will allow you to budget for necessary improvements and go a long way to keeping your company secure and up-to-date.

I welcome your questions or comments at businesstech@software-to-go.com

Joe Balsarotti, president of Software To Go, is a 36-year veteran of the computer industry, reaching back to the days of the Apple II. He served three terms as chairman of the National Federation of Independent Business’ (NFIB) Missouri Leadership Council, was chairman of the Clayton, Missouri, Merchant Association for a dozen years, chaired Region VII of the Federal Small Business Regulatory Fairness Board, and currently serves on the Dealer Advisory Panel of the ASCII Group, an organization of over 1000 independent computer and technology solution providers in North America.

When’s The Last Time Your PC or Server Got an Oil Change?

in Columns/Technology
Joe Balsarotti

By Joe Balsarotti is President of Software To Go

The quick lube places drummed the “three months or 3,000-mile” mantra into all of us some 20 years ago and built an industry around it. Later, autos with 100,000 miles were considered exceptions; now 200,000 miles and more is the norm. Any mechanic will tell you that regular preventative maintenance allows cars to last longer. Computers need constant maintenance, too. A network going down can be far more costly to your business than if a truck, van or car in your fleet malfunctions. After all, you can’t just call up Enterprise and rent a new network for a week.

Far too many businesses see their technology as simply a necessary expense rather than the asset it is. After all, how expensive would it be to do your bookkeeping by hand compared to the cost of merely plugging numbers into your accounting system? Computers, networks and the like should be treated as the integral part of your business that they are. Just like changing the oil in a car or greasing the gears of heavy machinery, regularly scheduled preventative maintenance results in saving money rather than costing your business money.

Computer technology changes constantly. A model year for a desktop computer is about four months; major application programs renew every one to three years. In the software realm, most programs are dependent upon other programs that very likely are produced by another company. One vendor finds a bug, a defect or an entry point for hackers and writes a patch or update to fix it. That, in turn, changes parameters in other programs that communicate with it, requiring updates. On the hardware side, printers, scanners, CNC, robotics, entry systems and other connected devices need software updates when the operating systems running on the PCs are updated. Security updates to anti-virus, endpoints and firewalls are conducted daily, if not hourly, behind the scenes.

All those updates and changes need to be managed by someone. We’ve seen many a business user’s system crash, only to discover that the software is two, three or even five years behind. Companies may unintentionally leave their operations vulnerable and accessible to any kid who searched for “hacking tools” on the Internet. A lack of preventive maintenance and monitoring – what our industry refers to as managed services – leads to unexpected and unpleasant future expenses.

Just last month we heard about the St. Louis Public Library’s entire network being rendered unusable as a Cryptolocker type of ransomware was downloaded and encrypted the data, holding it hostage. The patron machines and back-office machines never should have been on the same network in the first place, but I’m sure someone will argue that it was prohibitively expensive to do it the correct way. Oops. We’re left wondering how much that shortcut will cost taxpayers. Was the library paying for update subscriptions to its firewalls? Was all of the software completely updated and was the network being monitored for a mass change in data? At least we do know that St. Louis Public Library had backups of the data and didn’t pay the ransom.

How would your network fare if it were attacked in the same manner? What costs would your business incur if all computers were unusable for a week? Would the idea of preventative maintenance and monitoring suddenly look like a cheap insurance policy?

Gartner research back in 2010 showed that 43 percent of companies were immediately put out of business by a “major loss” of computer records – and that another 51 percent of businesses studied permanently closed their doors within two years, leaving a mere 6 percent survival rate.

Maybe many of those data losses were caused by a major disaster destroying the surrounding customer base, as one possible example. But ask yourself: even if these are extra harsh statistics, what happens if you lose your customer list, your A/R report and aging, blueprints, plans or schematics for all the projects on which you are working? Realistically, would your business survive, and at what cost? More importantly, could it have been prevented by spending a realistic amount of money on managed service and preventative maintenance?

Most managed service plans are flat monthly, quarterly or annual fees based upon either the number of users or devices in the business. Your business gets the advantage of peace of mind that your tech provider’s incentive is to prevent problems because repair and remediation takes more time and is therefore less profitable. Additionally, your business gains a far better grasp on the true expenses of your technology because you can forecast and budget far in advance – and you can hopefully eliminate the unexpected, immediate expenses that failures bring.

I welcome your questions or comments at businesstech@software-to-go.com.

Joe Balsarotti is President of Software To Go and is a 37-year veteran of the computer industry, reaching back to the days of the Apple II. Balsarotti served three terms as chairman of the National Federation of Independent Business’ (NFIB) Missouri Leadership Council, as chairman of the Clayton, Missouri Merchant Association for a dozen years, chaired Region VII of the Federal Small Business Regulatory Fairness Board and currently serves on the Advisory Panel of the ASCII Group, an organization of more than 1,000 independent computer and technology solution providers in North America.

Consider Lying to Make Your Personal and Business Data More Secure

in Columns/Technology
Joe Balsarotti

I’ve written about it before, security breaches allow access to personal data. No business is safe. When the ‘big guys’ get hit, it makes the evening news. When it happens to a small business or an individual, it can still be devastating.

The recent Yahoo hack exposed one billion accounts. That’s one-thousand-million users who got their data stolen. What’s really bad about this second exposure at Yahoo is that not only did user names and passwords get out, but also those security question answers. Oops.

With that in mind, here are some tips on how to make your data and your business’s more secure.

In my opinion, the whole idea of a security question as a way to recover forgotten passwords or accounts is just plain stupid. As Sarah Palin found out during the 2008 elections, just about anyone can find out enough about you to answer the questions usually asked and sure enough, her email account was hacked. Which, of course, means that just about anyone can get your data.

So, what can you do about it?  Lie.

Yes, lie when you enter answers to security questions. If the vendor asks for your high school, enter your college. Enter your father’s middle name when asked for your mother’s, etc. The trick, obviously, is to be consistent so you don’t trip yourself up. You might even consider entering the first of your birth month as your birth date, for example, when registering with most sites. After all, you will still get your free birthday desert at the local restaurant if you keep the month correct but might save yourself grief if the restaurant rewards program gets hacked and your birthday gets out.

The ‘keep it simple’ premise can be utilized in your business. Don’t ask your staff, your vendors or your customers for data that you really don’t need. Remember, once you have that data, its safety is the responsibility of your company. That also means the liability for a breach is on your company as well. Maybe your marketing people say sending a birthday greeting or your sales staff knowing a customer’s anniversary is a plus, but does it really matter if you know the exact day? Would more general data serve the same purpose with lower risk?

Remember, the adage of ‘change your passwords frequently’ is not to protect you, the customer, it is to protect the ones holding that data. Obviously, the best security is to come up with a password very hard for someone else to figure out, but that you can memorize. Constantly changing passwords, do the opposite. People forget them because the most secure and meaningful ones have already been used. Therefore their passwords become simpler and simpler and in most cases end up written down on Post It notes, where a cleaning crew, employees, visitors, or family can easily see them.

The reason password changes are crammed down your throat is due to a valid worry that the data holder may have already been breached and doesn’t know it. Changing the passwords regularly renders the stolen data useless, which does protect you, but it’s really done as an attempt to reduce the holder’s liability.

One way to protect yourself with regards to frequent password changes is to come up with some formula only you know which allows a memorizable password, but also makes it unique at every place you use it.  For example, say you decide your ‘master password’ will be the word “memory”. If you have a Yahoo account, make the password “1Memory1-Y”, for a Gmail account, your password would become “1Memory1-G” and for online banking it would become “1Memory1-B”.   In this way, you’ve kept the basic password as something you can remember and not have to write down, it includes letters of both upper and lower case, numbers (not just tacked onto the end) and a symbol, all things that are required by most sites nowadays. You’ve already figured out the last letter is the first of the site, but when hackers try your data at a host of well-known websites, it will fail. They are not going to analyze your individual password for a pattern. They are already onto trying the next million easy targets in their list.

Turning to the business side of the equation, customer data stored on your systems should always be secured with multiple levels of security, which include hardware firewalls, passwords (or better yet, biometrics), endpoint protection, and security training for your staff. All security products should have update subscriptions and only administrators should have access to install software. Every user should have their own unique passwords and your employee manual should make clear that sharing passwords, or using another’s account could be a fireable offense. Don’t ask security questions of your customers. Instead consider having them enter a second phrase, which only makes sense to them, but not one based on a question which could be obtained by a hacker.

Having your personal data stolen is bad, but losing your company because someone stole all your employee or customer data is worse. Take the necessary precautions and consider protecting yourself with a couple little white lies.

I welcome your questions or comments at businesstech@software-to-go.com.

Joe Balsarotti is President of Software To Go and is a 37-year veteran of the computer industry, reaching back to the days of the Apple II. Joe, served three terms as chairman of the National Federation of Independent Business’ (NFIB) Missouri Leadership Council, as chairman of the Clayton, Missouri, Merchant Association for a dozen years, chaired Region VII of the Federal Small Business Regulatory Fairness Board, and currently serves on the Advisory Panel of the ASCII Group, an organization of over 1000 independent computer and technology solution providers in North America.

Are You and Your Company Suffering from Data Overload?

in Columns/Technology
Joe Balsarotti
Joe Balsarotti

By Joe Balsarotti

The amount of data on the Internet is staggering. Back in 2011, USC researchers estimated humans had already stored 295 billion gigabytes, and here I am adding to the total with this column. Here in 2016, tweets rack up at a rate of about 6000 every second. While I write this, there are over a billion separate websites, with over 3.89 billion pages (You can see the ‘size of the Internet’ change in real-time at http://www.worldwidewebsize.com/)

You’re wondering how this makes any difference to your business. The statistics above are interesting, but here’s the one that brings it home. Every second of every day, more than 2,000,000 emails are sent. How many are unread in YOUR inbox?

Data overload is happening to everyone. We’re inundated in emails, tweets, Facebook posts, pins, and a host of other calls for attention. Technology has not, as of yet, developed the solution for keeping up with it all, namely the 25th, 26th and 27th hour of the day. Since those extra hours aren’t here, yet, although I keep trying to invent them, how can one manage the time consumed by both ‘good’ emails and time wasters?

First off, use more than one email address. Yes, more makes for simplicity. Use a Yahoo, Gmail of other ‘freebee’ email service for all those companies who send newsletters, sale fliers, blogs, and the like. Using something completely divorced from your primary work email address (which should NOT be your primary personal email address) gets right at the heart of the problem. When you have spare time, go to the freebee email portal and dig in. DO NOT have that address automatically sent to your phone, Outlook, Thunderbird or whatever you view normal emails with. There needs to be a barrier between that type of email and your business and personal correspondence.

After you have that general email address set up take an afternoon, subscribe only to the ones you want (times do change and your sign ups from 2005 may not be relevant anymore) at that new address. As soon as you do, unsubscribe from those lists on your ‘real’ email address. Use this opportunity to clean house and make your days easier.

Now, back to my pithy comment above, if you are using the same address for work and personal emails, time to split those up too. It’s fine to have those two addresses hitting your phone and computer, but when you await an important message about your child, you don’t want it mixed in with work and when that contract comes in, you shouldn’t need to sort through PTA emails to find it.

Next, use the power of the computer and the software you paid for. Create folders for general topics you deal with, be it your kid’s soccer team, church group, purchase orders, legal docs, etc. There’s no need to go hog wild with fifty folders when ten will do, but make those ten folders reflect topics you can easily prioritize on a hectic day. If a deadline is nearing, go straight for that project folder instead of having to sift through dozens of messages irrelevant to getting the job done on time.

Lastly, set rules for the incoming emails, this may be a time when you need your tech staff to assist you. When the sender is a subcontractor, have Outlook dump that email immediately into the folder for them, or for the project they are working on. If the sender is your child’s school, into the folder for that child it goes. Vendor invoices or correspondence goes into the vendor folder, then maybe a sub-folder for just them. What you have to learn to do is look at the folders for the highlight or number denoting new messages, rather than the inbox. In this way, you immediately know the topics of many of your incoming emails and can prioritize with just a glance.

Start with very general folders and rules and refine them as you become comfortable with the new ‘normal’. If do it correctly, you can deal with 200-400 emails a day (as I get) and still have time for lunch. Now, if only you can get your staff to do the same thing …

I welcome your questions or comments at businesstech@software-to-go.com

Joe Balsarotti, president of Software To Go, is a 36-year veteran of the computer industry, reaching back to the days of the Apple II. He served three terms as chairman of the National Federation of Independent Business’ (NFIB) Missouri Leadership Council, was chairman of the Clayton, Missouri, Merchant Association for a dozen years, chaired Region VII of the Federal Small Business Regulatory Fairness Board, and currently serves on the Dealer Advisory Panel of the ASCII Group, an organization of over 1000 independent computer and technology solution providers in North America.

Reducing Risk in the Internet Age

in Technology
Joe Balsarotti
Joe Balsarotti

By Joe Balsarotti

Seems every tech article nowadays is about the liabilities of technology. Hacking, lost data, damaged online reputations, and the legal and ethical ramifications of technology and stored data.

So, it seems appropriate to delve into how to, if not minimize, at least mitigate the liabilities that the digital world has created for all businesses large and small.

Does your business host its own website?

Unless you have private components to yours site for vendors or customers to access your database, there is no reason to host your own site. Cutting off that entry point to your network goes a long way in reducing your risk. Besides, except for keeping internal I.T. people busy, there’s not much upside in hosting your own website. Outsource it to professionals after you’ve done due diligence to make sure there are backups, redundant sites, and uptime guarantees. In short, let specialists deal with it.

How about email, why would you host your own?

Forget the security concerns for a moment. Since over 95 percent of all email transmitted gets rejected at the server as spam, that means that 95 percent of the Internet ‘pipe’ you are paying for is wasted on trash. Find a reputable provider whose focus is on providing email.  After all, there are very few individual businesses with access to datacenters across the country for redundancy, battery and generator backup, communication lines from multiple providers, and 24/7 staffing, but quality email providers do.

Granted, going with one of the ‘big guys’ for email or hosted Exchange has its own set of issues as they are larger targets to hackers. If someone breaches your in-house email server, however, you don’t really have recourse, but if a multimillion or billion dollar provider gets breached, they will have far more resources to bring to bear on restoring service and recovering damaged or lost data. Plus, it’s a fair bet that lawyers will be lined up to help you recover compensation for any losses you suffer.

Passwords, remember them?

One of the easiest ways to minimize liability with technology doesn’t cost a penny, but it is essential. ANY notebook, phone, tablet, or home PC that can access your company and/or customer data must always be password protected and should lock if unattended.

When replacing old PCs and servers, businesses generally know to keep the hard drives or get a certificate of destruction. However, the same precaution goes for those tablets or phones. Getting a couple bucks for trading in an old phone or tablet turns into a really bad deal when the tablet or phone falls into the hands of foreign hackers and organized crime, who buy old electronics by the pallet, looking for data off of hard drives.

Save yourself some headaches and reduce your company’s risk in the digital world by getting a certificate of destruction for every device that you dispose of.

I welcome your questions or comments at businesstech@software-to-go.com

Joe Balsarotti is president of Software To Go and is a 35-year veteran of the computer industry, starting back in the days of the Apple II. He served three terms as chairman of the National Federation of Independent Business’ (NFIB) Missouri Leadership Council. He was chairman of the Clayton, Missouri Merchant Association for a dozen years, chaired Region VII of the Federal Small Business Regulatory Fairness Board and currently serves on the Dealer Advisory Panel of the ASCII Group, an organization of over 1000 independent computer and technology solution providers in North America.

0 $0.00
Go to Top