The new EU privacy laws go into effect on May 25th, 2018. You may think this has little to do with your business here in the US; however, there are some tricky elements to this regulation that all business and website owners should know about. Watch Tim's short video to learn more.
Today's guest post is from my buddy Nate. He has the mind and personality to get down and dirty with a business's books. He loves numbers and making sense of them, which is why he founded "Small Business Decisions": so that he could help businesses be profitable for a living.
The decision to Lease or Buy your computing hardware is something that comes to many businesses as they grow. Your first few computers were most likely purchased as they were needed. But as you grow, it's worth considering if you should switch from buying to leasing your computer hardware.
The finances of a lease vs buy decision for computer hardware are easy to measure, but that doesn't mean those equations should be driving the decision. The decision-making power of your team and employees should be focused first and foremost on the things that differentiate your company from the competition.
Yes, Computer Hardware is critical to business deliverables, but it is rarely a differentiator for your business. Critical but non-differentiating tasks are prime candidates for contracting out to an expert. The most common method of contracting out the supply of computing hardware is leasing.
What differentiates you from your competition? Why do people choose you over the guy down the street? If the thing that makes you different is your computing hardware, then you need to maintain tight control of that critical differentiator. For example, if you're Google or Amazon Web Services, your computing hardware most certainly is a differentiator. But they are an exception, not the rule. More than 90% of businesses do not gain a real differential advantage from which computing hardware is crunching the numbers. That means many businesses would benefit from spending less time worrying about it and letting an expert supplier work that angle for them.
If Computing Hardware does differentiate you from your competition, then you can either closely partner with a key supplier to deliver your differentiation, or you can bring the whole thing in-house. The reality is that you are an exception to the rule, so you might need a detailed discussion with someone like Solve or SmallBusinessDecisions to make sure you are fully supported in your critical tasks.
The timing of when you get new computers plays into whether you lease or buy them. I like charts and graphs, so here's a chart that lays out the four options we're talking about. The most common pathway through these quadrants is for small businesses to move from the top left, Buy Machines as Needed, to the bottom right, Lease With a Comprehensive Strategy. Oftentimes, leasing is the factor that enables a business to move from replacing machines as needed to having a comprehensive replacement strategy.
Table 1. Lease vs Buy interaction options with the timing of machine replacement.
A comprehensive computing strategy means you spec between two and five machines and every employee in the company gets one of those options. The machines you're using are usually updated all at once on a three or four-year rotation. This type of plan is usually paid for with a lease so that you don't have a recurring capital expense every 3 years that you need to fund. With a lease, you pay for the machines over a 3-year period.
The focus here is on uptime for your employees, not commoditized computer hardware. You don't want your $100k a year employee to be unproductive for two days while the part for their specific machine is overnighted in from who knows where. The IT department also has the advantage of knowing the ins and outs of a small subset of machines and limiting the replacement part inventory they need to keep on hand in case of a needed repair.
If you are planning to move to a comprehensive strategy, then leasing makes a lot of sense. If you are taking a buy as you go approach with no standardized hardware, that is OK, but it means that the purchase vs lease of one single machine at a time becomes a much different tradeoff discussion.
Regardless of which strategy you choose, the tradeoffs for lease vs buy look like the following:
Table 2. Lease vs Buy Pros and Cons relative to a comprehensive computing strategy.
Now that we've discussed a few ideas about how to manage your computing strategy, we should talk about what Solve offers. Solve will handle all sides of your computing hardware strategy, from managing the computing power you already own to helping you spec and buy new machines, and from setting up a comprehensive computing strategy lease to helping you lease smaller portions of your computing power as needed.
For any questions or discussions about your overall computing strategy, please reply to this email or contact Tim directly. If you have any questions about other business strategy and support needs, please feel free to reach out to Nate directly on www.smallbusinessdecisions.com or by email: Nate@SmallBusinessDecisions.com
Rent or buy? SUV or minivan? Boxers or briefs?
Like any life decision, the answer is determined by need, preference and timing. The same is true in business and IT. I've had many conversations with business owners about assessing needs, but I also like to check in again next year because their needs and timing may have changed.
One common decision that businesses are making is moving to Office 365. But sometimes it's not a good decision right now. So I came up with a handy survey to help business owners and decision makers determine if they've reached a point where moving to Office 365 could be a good decision.
If you answered yes to any of these questions let us know by going to our Contact Us page! We love helping businesses determine what's right for them.
Tax season may be ending today, but scammers are still hard at work trying to convince you to send them your precious information. Here are a few things to look out for and keep in mind.
The scary truth about email scams is that it's very easy for a thief to "spoof" their email address to look like the business owner's email, or your bookkeeper's. But when you reply to that email, it goes back to the thief and not the business owner or bookkeeper. Here's an example of what one of these emails would look like, courtesy of JD Supra:
As you can see, it's almost impossible to tell it's a scam with the naked eye, unless you know the sender well enough to know that they don't word things a certain way. Your only defense against this is a good spam filter. The naked eye may not be able to tell this email was spoofed, but a good spam filter can. If you use Office 365 or G Suite, their spam filters are good at catching these. If you're not using those, then you can get a third-party spam filter like Proofpoint.
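The reply going back to the thief, as described above, is something a filter can check mechanically. As an added example (not from the original post), this Python function flags a message whose Reply-To domain differs from its From domain or whose Authentication-Results header records an SPF, DKIM or DMARC failure; the sample messages and the example.* domains are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (example.* domains, not real traffic).
SPOOFED = """\
From: "Pat Owner" <pat@example.com>
Reply-To: "Pat Owner" <pat.owner@example.net>
To: bookkeeper@example.com
Subject: W-2 copies needed today
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com;
 dmarc=fail header.from=example.com

Please send me all employee W-2s.
"""

LEGIT = """\
From: "Pat Owner" <pat@example.com>
To: bookkeeper@example.com
Subject: Lunch Friday?
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com; dmarc=pass header.from=example.com

Are you free at noon?
"""

def _domain(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def spoof_indicators(raw_message):
    """List the reasons a message looks spoofed; empty list if none found."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = _domain(msg.get("From"))
    reply_dom = _domain(msg.get("Reply-To"))
    # Replies would go to a different domain than the one shown as sender.
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")
    # Results recorded by the receiving mail server (RFC 8601 header).
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth.lower()):
        if result in ("fail", "softfail"):
            findings.append(f"{mech}-{result}")
    return findings

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, spoof_indicators(raw))
```

Only the Authentication-Results header added by your own receiving mail server should be trusted, since a sender can insert a forged one.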
This one is pretty cut and dried. You get an email saying it's the IRS and you need to send them your social security number or other financial info. The easy thing about this one is that the IRS will never call or email you. They only send you letters in the mail. If you get a call or email from the IRS, ignore it.
Banks have really caught on to the mobile era by creating apps that allow you to manage your accounts through your phone or tablet. But, as a result, scammers have started sending text messages saying that there's an urgent need and you need to either go to a link or call a number. You may also get a phone call from a person or automated recording. The important thing to remember here is that your bank will never contact you and then ask you to confirm your identity by providing your account number or other confidential info.
70% of all hacks or information leaks are not the result of a virus or some fancy hack. They are the result of someone being tricked into willingly providing information to someone who shouldn't have it. I hope this information is helpful at keeping you on alert and your information safe.
Over the last year or so, a new type of virus has quickly become the newest IT Boogeyman. It gets its name from its ability to encrypt all your data so that it's unusable and then hold it for ransom, and many credible businesses have had to fork over tens of thousands of dollars to recover data that is crucial to their business.
Because Ransomware viruses are so new, and changing daily, you can have antivirus, email spam filters and a hardware firewall and still get hit. Your only protection from Ransomware is to have reliable and diverse data backups.
But before you go buy an external hard drive and put a weekly reminder on your Outlook to copy your stuff over, let's talk about how to keep your backups safe.
Most Ransomware works by encrypting everything with a drive letter. That includes external hard drives that are plugged in and mapped network drives. So if you get hit with Ransomware and the external hard drive that you store your backups on is still plugged in, those backups are now useless. The same thing goes for that network share that you use for your backups.
The most reliable backup method to shield you from Ransomware is secure cloud backups, mostly because most cloud backup solutions are continuous and versioned.
Continuous backups mean that everything is backed up throughout the day, so that if you get hit at 3:30PM on a Thursday, you don't have to go back to Wednesday night's backup and lose a day's worth of work.
Versioned backups mean that there are multiple versions of the same file stored in the cloud. So if you get hit, and it's several hours before you realize you've been hit, and all those unusable files are backed up to the cloud, you can easily restore your files from the most recent usable version.
If you aren't confident about your backups please contact us. All of our contract clients have secure cloud backups and we have other noncontract clients who have just asked us to set something up for them. All businesses are at risk, and we're here to help all businesses.
On March 23rd, the Senate voted to eliminate privacy rules that would have required your consent before internet providers sold your internet browsing history to advertisers. ISPs made the argument that companies like Facebook and Google can do it, so why shouldn't they be able to?
Advertisers will pay internet providers a premium for the data they can gather from your browsing habits. From that they can figure out very specific and intimate information such as your location, gender, marital status, occupation, hobbies, if you're moving, if you're expecting a baby, etc., and then run very targeted ad campaigns geared specifically to you.
What Can You Do About It?
ISPs can't track your internet browsing if your internet traffic is encrypted. VPN products such as Nord and PIA are cheap and simple to set up and will keep your internet activity private wherever you are.
You should also write your representative. The House of Representatives is expected to vote this week on this. But it's not too late to reach out.
Demanding internet privacy doesn't mean you're doing something illegal or sketchy. Privacy is your right and you don't want the intimate details of your life left to the discretion of ISPs and ad companies.
Technology breaks. Yeah, proper planning and good management helps your technology break less. But as long as technology is made by man, it's going to break.
But as I get older, I learn that broken things are just a part of life. Network connections break, car door handles break, and people break...to name a few. But I've also learned there are two types of brokenness, the kind that ruins you and the kind that makes you stronger. The funny thing is that regardless of what kind of situation you're in, you won't know until it's over what kind of brokenness you ended up with. So I thought since most IT professionals will end up having a critical emergency they need to fix at some point, I would give some pointers I've learned on how to fix things well.
This isn't a step by step instruction on how to troubleshoot, it's more like a manifesto for broken situations (which I'm sure applies to car door handles and people as well).
1. Be Empathetic
Whether it's a quick fix by restarting the server, or it takes a day or two of running network diagnostics and wading through pages of errors in the Event Viewer, remember: if it's important to your client, then they expect it to be important to you.
2. Be Calm
Not only are you there to fix whatever is wrong, but you're there to assure everyone that everything is going to be alright. Maybe they're just anxious, and maybe they're red hot mad, but you can't afford to be, because it's hard to troubleshoot with a cool head when your emotions are all over the place.
3. Be Humble
This is important, because it shows that you understand that you were called to fix a problem, not to show how awesome you are. Humility means that you get the problem fixed, no matter what! Even if it means admitting that you need to bring in someone else who's more knowledgeable in a certain area than you. Which leads me to...
4. Be Teachable
You can't be teachable if you're not humble. But as much as this whole process might have sucked, the take away might be that you learned something. Maybe you learned that a process you were using was wrong or outdated. Maybe you learned something about your customer's system you wouldn't have known otherwise.
Part of why people get so freaked out when their technology breaks is because they feel out of control. While you're working, if you take a little time to keep them informed on what you've found and where you are, that can help them feel like they've regained a little control and strengthen their trust in you.
No one likes it when things don't go according to plan, especially when that involves time and data loss for your customer. But it is possible to redeem those situations. If, at the end of it all, you can emerge a better technician and you prove yourself more trustworthy to your customer, then you both have won. Broken things are a part of the job; heck, they're a part of life. Might as well embrace it now...
If you work in the health industry then you're familiar with HIPAA (Health Insurance Portability and Accountability Act). HIPAA exists to protect the private health information and the rights of healthcare patients. And HIPAA enforces it by performing audits and keeping track of entities that fall under its umbrella.
What puts you under HIPAA's umbrella? If you're considered a
- health plan provider
- healthcare clearinghouse or
- health care provider
then you fall under HIPAA's jurisdiction. Put simply, if you save patient charts and insurance in your office, then HIPAA wants to make sure you're handling it correctly.
Really, there are three categories of safeguards that HIPAA enforces: Physical, Administrative and Technical. Obviously, since I'm an IT guy, we'll be focusing on the technical guidelines. Now keep in mind that people spend a lot of time keeping up with constantly changing HIPAA regulations.
I'm not one of those people.
So we're going to be dipping our toes into the deep pool of HIPAA technical regulations, by briefly going over the four main points of the technical safeguards.
- Access Controls
This has to do with making sure that all access to data is protected with strong passwords. HIPAA likes to see policies in place that enforce strong passwords, and that require you to change your password every 60 to 90 days. Also, if a laptop leaves the office with patient information on the hard drive, the hard drive needs to be encrypted.
- Audit Controls
HIPAA wants to see that every time someone logs in or out of the system and does something to the data, there is a log that records it. Windows natively does a good job of logging that stuff. And typically, if you're using medical software for the patients' records, that is usually built in.
- Integrity
Here they're talking about the integrity of the data. HIPAA wants to see that you've taken good steps to protect the data and make sure that any changes to the data are ones you meant to make. Things like good and secure backups, a RAID to create redundancy and solid anti-virus are good examples.
- Person Authentication
This shows efforts to ensure that the person gaining access to the system is actually who they say they are. Things like not allowing people to share usernames and making sure only certain employees have keys to locked doors are things HIPAA likes to see here.
- Transmission Security
And finally, in this section HIPAA wants to see that any patient information that changes hands does so securely. If it's emailed, the email needs to be encrypted. If it's through the cloud, it needs to be through a VPN. If it's on a DVD, it needs to be password protected. I think you get the idea.
HIPAA means business. They say that the privacy and rights of a healthcare patient are important to them and they're not afraid to fine you or put legal charges against you if they feel you pose a significant threat to that. I hope this has been helpful. If time goes by and you see that they have changed their stance on anything I've said please message me so I can keep this up to date.