10 Tips for maximising the performance of your IT consultancy.
According to technology researchers Gartner, the average cost of IT downtime is $5,600 per minute and can range in cost from $140,000 per hour at the low end to as much as $540,000 per hour at the high end. Further, 98% of organisations report that an hour of downtime costs them over $100,000 – and some 81% of respondents indicated that 60 minutes of downtime costs their business over $300,000 – with some estimates as high as $1.5 million.
These numbers are based on research in the United States and take into account a range of industries. There is, however, no reason to believe that the numbers are significantly different in Australia – where downtime costs the average small business 545 hours per annum- with the costs associated with that time going well beyond salaries and wages costs. The point is that downtime is expensive, no matter what industry you are in.
The implication of downtime include but may not be limited to:
- Lost revenue.
- Lost productivity.
- Corruption of and gaps in mission-critical data.
- Damages to equipment and associated assets.
- Cost of remediating systems and core business processes.
- Damaged reputation with customers and key stakeholders.
- Degradation of employee morale.
- Regulatory, compliance, and legal penalties.
- Loss of insurance discounts; contract penalties.
- Disruption of supply-chain.
Impacting significantly on downtime is the response times of IT consultants and managers you use. Unfortunately, there is no research data on IT consultant response times in Australia. There is also no research data on the time it takes IT consultants to resolve issues. However, our research suggests that as far as clients are concerned, both times in Australia are too slow. Wolfe Systems has worked hard over the last two years specifically to reduce our average response and issue resolution times and are continuously working on getting both times down further.
Wolfe Systems is undertaking regular Service Efficiency Ratings presently and will be including these in all client monthly reports from May 2021. We strongly recommend that no matter who your IT consultancy is – that you hold them accountable for service efficiency – demanding monthly reports.
To minimise downtime, every business should:
- Engage an IT consultant that has the expertise and resources that meet your needs.
- Avoid using the growing number of IT consultancies with a high staff turnover.
- Ensure that your IT consultancy documents an annual strategy you can sign off.
- Ensure your IT consultancy sets acceptable and achievable response time targets.
- Hold your IT consultant accountable for their performance against target response times.
- Demand monthly IT Service Efficiency Ratings and open channels of communication.
- Ensure that your IT consultancy adopts a pre-emptive as opposed to a reactive approach.
- Demand that your IT consultancy is 100% transparent, open and honest – always.
- Ensure that you are using the latest technology – both hardware and software.
- Demand systems that deliver state of the art back up and rapid data restoration systems.
Downtime can destroy your profitability. Not all IT consultants have the expertise, resources, attitude and systems required to minimise downtimes. It is the primary responsibility of every IT consultancy to minimise client downtime.
To learn more about increasing the efficiency of your ITservice and the value delivered by a Service Efficiency Rating, CLICK HERE
Alternatively, give me a call.
0488 445 044
10 Tips for maximising IT system efficiency.
Despite their significant investment in IT, few businesspeople know how efficient their IT systems are. Our research suggests that managers are finding it harder to track their IT systems’ efficiency due in part to a lack of transparency by IT consultants, the increasing complexity of systems, the growing need for automation, and the failure of consultants to undertake regular IT audit and efficiency ratings.
There is also a growing concern among business people that their IT systems are not as efficient as they could be. Recent research found that data systems downtime costs an average small business 545 hours per annum and that 80% of business leaders are concerned that the plethora of systems their businesses are using is reducing efficiency largely due to poor integration. Research also found that just 2% of businesses have modelled all business processes to the point where they can fully leverage automation opportunities.
Research also suggests that there are many opportunities that businesses of all shapes and sizes should be – but are not – embracing to maximise efficiency. Consider, Mobile apps save small business employees 725 million work hours per year. Businesses that invest in big data, cloud technology, mobility and security can realise up to 53 per cent faster revenue growth than their competitors. Businesses that switch to VoIP can save up to 40 per cent on their local phone costs and up to 90 per cent on international calls.
So, what is the efficiency rating of your business? When is the last time you completed a full efficiency rating review? Where are the opportunities to increase the efficiency of your IT systems? Are you extracting full value from your IT systems? Most importantly, when did your IT consultant last review your issues and the multitude of opportunities for reducing downtime, enhancing cybersecurity, and maximising your IT systems.
Wolfe Systems has developed a Systems Efficiency Rating tool to help clients identify:
- The current efficiency of their IT systems.
- Opportunities for increasing IT efficiency.
- Opportunities for reducing IT costs.
The Wolfe Systems Efficiency Rating (SER1) tool also enables clients to track their IT systems’ efficiency over time – so that they can fully evaluate the return they are achieving on their IT investment and the changes being made by their IT consultant.
For a complimentary Wolfe Systems Efficiency Rating review, with recommendations – CLICK HERE.
For now, here are 10 tips for increasing the efficiency of your IT systems:
- Set a baseline Systems Efficiency Rating (SER1) for your IT systems.
- Undertake a follow-up Systems Efficiency Rating every six months and track.
- Use your Systems Efficiency Rating to guide your IT investment.
- Require a report on the impact on your Systems Efficiency Rating before approving any IT investment.
- Complete an annual audit of your IT systems referencing your Systems Efficiency Rating.
- Evaluate, at least annually, the impact of IT automation opportunities on your Systems Efficiency Rating.
- Evaluate, at least annually, the impact of IT integration opportunities on your Systems Efficiency Rating.
- Ensure a match between your Systems Efficiency Rating requirements and your IT consultant’s capabilities.
- Have your IT consultants document a continuous efficiency improvement strategy?
- Ensure your IT consultants have the purchasing power required to minimise costs.
Efficiency needs to be addressed on an ongoing basis. It is central to your business’s profitability and, as such, should be the number one priority for you and your IT consultants.
To learn more about increasing your IT systems’ efficiency and the value delivered by a Systems Efficiency Rating, CLICK HERE.
Alternatively, give me a call.
0488 445 044
Smart services and smart technologies – Part Two
A series designed to address state-of-the-art services and technologies that can be used by business to Eliminate Inefficiency
Ransomware is malicious software that infects computers and displays messages demanding a ransom be paid before the system will function again. It is a form of malware used in criminal moneymaking schemes. A ransom is often triggered by a link installed in an email message, instant message or website. Ransomware damages costs are expected to reach US$20 billion in 2021.
While paying a ransom in response to a cybersecurity breach is now illegal in Australia, the costs associated with ransomware reach well beyond such payments to include the costs associated with:
- temporary or permanent loss of sensitive or proprietary information,
- disruption to regular operations,
- financial losses incurred to restore systems and files, and
- potential harm to an organisation’s reputation.
About the last point, I cite again (as in my previous post), research by Arcserve published in late 2020 found that 59% of buyers are likely to avoid suppliers that they believe have suffered a cyber-attack. Unfortunately, Australian businesses are more susceptible to ransomware attacks than businesses in many other countries. Security Brief reports – ‘Over two-thirds (67%) of Australian organisations have suffered a ransomware attack in the last 12 months — 10% above the global average of 57%’. Crowstrike, which also found that of the businesses that fell victim to a ransomware attack, suggests that 33% paid the ransom, costing an average of AU$1.25 million for each breach. This percentage is higher than any other country in the Asia Pacific region and more than the global average (27%).
As such, the chances of your business being hit by ransomware in 2021 is very high indeed. Further to this, the chances of that attack costing you a significant amount of money are also very high.
So, what can you do to protect your business from a ransomware attack?
It is first important to understand where ransomware attacks come from. Most ransomware attacks involve silent infections delivered through exploit kits, malicious email attachments, and malicious email links. This is especially concerning given how many emails each staff member receives every day. It is even more concerning when 95% of cybersecurity breaches are caused by human error, including staff opening emails or links they should not open.
- The strategies for limiting the risk of ransomware include the following:
- Educate all staff to NEVER EVER open unverified emails.
- Educate all staff to NEVER EVER open untrusted attachments.
- Educate all staff to NEVER EVER visit websites they cannot trust.
- Educate staff to NEVER EVER give out personal information, including passwords.
- Educate all staff to NEVER EVER use unfamiliar USBs.
- ALWAYS use a mail server that scans and filters all content.
- Ensure that ALL software and operating systems are up to date.
- ALWAYS use a VPN when using public Wi-Fi.
- ALWAYS maintain up to date security software.
- ALWAYS back up your data and ensure an efficient pathway to recovery.
Also, consider the application of the HPE SimpliVity Hyperconverged solution. SimpliVity consolidates all the elements you need to run and manage a virtual environment – providing a virtual environment for 2 to 2000 machines. Among a range of benefits, SimpliVity enables data to be reliably backed up and rapidly recovered. It is a simple, powerful, and highly efficient security tool.
A client recently engaged Wolfe System to recover data stored traditionally for a business that had suffered a cyberattack. The recovery process took nearly five days to complete. Had the business being using SimpliVity, it would have taken less than an hour. In short, using SimpliVity would have saved this business at least four days of productivity. So, my advice is:
- To protect against the costs associated with a Cyberattack – Use SimpliVity.
Wolfe Systems is a trusted HPE partner and are the only approved SimpliVity implementation specialist in WA. If you want to know more about SimpliVity, please give me a call or email me.
0488 445 044
Smart services and smart technologies – Part One
A series designed to address state-of-the-art services and technologies that can be used by business to Eliminate Inefficiency.
In 2021, cyber-attacks are much more than a threat to business continuity. They are increasingly a threat to business survival. Research by Arcserve published in late 2020 found that 59% of buyers are likely to avoid suppliers that they believe have suffered a cyber-attack – with 25% suggesting they would abandon the product favouring a competitor. This finding is of particular concern in 2021 – given a 60% increase in business email scams, alone, in the last twelve months.
Numerous factors, including the coronavirus pandemic, have contributed to an increase in cyberattacks in the past 12 months. The cost of Ransomware damages are expected to reach US$20 billion in 2021, and some 94% of malware is now polymorphic, meaning that it can continuously modify its code to avoid detection. It is estimated that 6.85 million accounts get hacked every day or 158 every second – many of which could be avoided if passwords were managed more effectively.
It is estimated that:
- 33% of hacks involve phishing. and
- 28% of data breaches involve malware.
- 80% of hacking-related breaches leverage compromised passwords.
The first question businesses need to ask themselves in 2021 is:
- ‘Are the practices of our staff increasing the risk of phishing, malware or other password related breaches?’
The second question businesses need to be asking is:
- ‘How can we reduce the threat of password-related data breaches in 2021?’ This missive addresses both questions.
Our experience and volumes of research suggest that the answer to the first question is, for most businesses – ‘yes’. And we can prove it.
Wolfe Systems is currently undertaking tests of the password and email practices of staff within client organisations. The results have been both alarming and instructive. They have been alarming because we have frequently found:
- Passwords listed for sale on the dark web.
- Staff opening email that is for all intents and purposes malware.
These findings are consistent with those of research where it was found that:
- 51% of employees have not changed their passwords.
- 50% of employees reuse an average of five passwords.
These findings have been instructive, and answer the second question above in that they have enabled Wolfe Systems to implement strategies for clients that reduce future risks.
In response, clients have implemented policies to:
- Develop passwords with random numbers, letters and symbols that cannot be guessed.
- Adopt different complex passwords for each business unit and each user.
- Change passwords frequently and avoid the reuse of any passwords.
- Use a password manager or random password generator – such as RANDOM.ORG.
- Educate employees about the threats of passwords and malware breaches.
- Review all breaches and attempted breaches to identify upgrade opportunities.
- Implement multi-factor identification to provide an added level of security.
Wolfe Systems is also recommending that our clients use Passly, software developed by Kaseya. Passly protects data by ensuring that only authorised people are given secure access to sensitive applications and information. Developed in response to the growing numbers of remote workers, increased dependency on cloud applications, and explosive increases in cyber breaches, Passly is available for both SME and enterprise applications, facilitating:
- The protection of all applications.
- Secure access and multi-factor identification.
- Streamlined efficiencies with a single sign-on (SSO).
- Network and infrastructure access protection.
In short, this very smart technology makes security easy and affordable. This is leading-edge technology that will improve security without high costs or effort. Passly even facilitates the auditing of security systems and practices identifying issues requiring attention.
I recommend all businesses Install Passly secure identity and access management software without delay.
If you want to know more, please give me a call or email me.
0488 445 044
Welcome to Part 2 of my cyber-security mini-series. In part 1 where I identified two of the myths about and five of the biggest threats to, businesses’ cyber-security. It’s one thing to know about the threats but it’s another to defend yourself appropriately against them. In part 2 will identify just five of the strategies that need to be implemented to ensure your business is as secure as it can be and that you are protected in the event of a breach.
DEFENDING YOUR CYBER-SECURITY
The five potential cyber-security threats discussed here represent the tip of a growing iceberg. Criminals are learning more and more about how to disrupt business systems, and the technology available to assist them is increasing daily, along with the threat to businesses around the world. While geographically isolated, and even more so during the pandemic, Australia is not immune to these threats. Indeed, the epidemic has increased the frequency of attacks in Australia.
No business can afford not to have a strategy and policies to ensure its systems are as secure as possible. The cost of not being fully protected is just too high. Following are strategies and policies every business should have in place in 2021.
EDUCATION AND TRAINING
In 2019, IBM research found that 44% of executives believed that employees who made mistakes that lead to business systems being compromised lacked awareness of the threats. This highlights the importance of ensuring all staff understand how to ensure their behaviour does not open your systems to cyber-security threats. Research suggests that low awareness of best practice risks and ignorance is the biggest threat confronting businesses in 2021.
Every business needs to have a training programme and documented protocols to ensure that all staff know exactly what they need to do and need not to do – to minimize the threat of a cyber-security breach. Every business needs a long-term security programme and protocols.
Some 24% of cyber-security breaches in the past five years resulted from ignorant or negligent employees and contractors?
Most in depth cyber-security systems audits, identify vulnerabilities and or security gaps within – networks, applications and digital devices. This is at least partly because the technology available to and the expertise of hackers and criminals are advancing almost daily. What might have worked for your business in 2020 may not work in 2021 and will almost certainly be inadequate in 2022.
This highlights the need to undertake regular, at least half-yearly, audits of the networks, applications, and digital devices that all businesses have become so dependent on. Without regular audits, businesses have no way of knowing if they are protected.
Advances in criminals’ capabilities mean that even if your systems were relatively safe in 2020, they might not be in 2021.
The world is changing fast, but few things are evolving and advancing more quickly than the threats to businesses’ cyber-security. One Australian security agency alone receives reports on more than 164 cybercrime reports per day. This highlights the importance of all businesses, and indeed all enterprises having in place the technology required to monitor threats and report on potential breaches as soon as they happen. Delays can be very costly, indeed.
One of the highest priorities for business in 2021 should be to ensure they have the technology required to monitor the operation of their network and associated systems closely – enabling real-time reporting of potential breaches. The sooner action is taken, the better.
How much might it cost your business to identify a data breach a week after it occurred? How much could you save to know in real-time?
While technology can be expensive, breaches of that technology can be even more costly. While it is rarely necessary to buy all the ‘bells and whistles’, and there are most certainly strategies for buying well – it is important to ensure that your business uses reasonably current versions of the required hardware and software. Each update tends to incorporate new security features and options to make your network more secure.
It is important to work with your IT consultant to strike the optimum balance in terms of using the latest technology and not breaking the bank. The better IT consultants will have the buying power, expertise, and integrity to minimize your investment while ensuring your systems are protected.
If your technology is from 2016 and the technology the criminals are using is from 2021, the criminal might have the upper hand.
Despite the best-laid plans, sometimes things go wrong – perhaps unaware staff opening the door to a hacker, a backup system failing just before ransomware infiltrates your systems, a brute force attack occurs when you are less prepared than you need to be, or criminals use technology that is superior to yours to breach your security systems. While great staff training, regular assessments, systems monitoring, and the latest technology will go a long way to protecting your business, there may be times when the criminals win out.
To protect against this potential eventuality, it is prudent for all businesses to have cyber-security insurance, as part of the broader business protection. Businesses who approach cyber-security in the manner suggested here may never call on this insurance, but prudent risk management demands that they have it.
You are almost certainly insured for a thief breaking into your office – but are you insured for the greater likelihood of a criminal breaking into your systems.
In part 1 of this 2-part series I addressed two of the myths about and five of the biggest threats to, businesses’ cyber-security (click here to read part 1). There are other myths and many more threats. My intention was to highlight the importance of engaging an IT consultant with the expertise, resources and orientation required to partner with you in minimizing cyber-security threats.
Part 2 addresses just five of the strategies that need to be implemented to ensure your business is as secure as it can be and that you are protected in the event of a breach. Choosing the right IT Consultant is crucial and they can work with you to put in place a cost-effective programme and strategies to ensure your systems are secure.
In closing, as I closed in part 1, it is important to highlight again, that your business will almost certainly be targeted in some way by cyber-criminals at some stage. Protection against breaches of your cyber-security is nothing more or less than prudent risk management.
If you want to know more, please give me a call or email me.
1 300 958 923