In part one of our series we talked about deciding whether or not to build the application with in house talent and also some suggestions on how to actually find some companies to do the work.

Today we will be discussing the use of freelancers and off-shore companies as well as some tricks make sure that the company is being upfront with you once you begin work.

What about freelancers or offshoring?

Let’s take these one at a time:

Freelancers: A freelancer is a designer or a developer who is doing things under his or her own brand. Usually it is a one person shop. Successful freelancers, most likely, are very good at what they do. If they aren’t, then they won’t be in business very long. However, this is the crux of the problem: no matter how awesome, you’re still working only one person.

Lets say you have a website that needs to be built. You find an awesome freelancer, who builds it, and it’s awesome. A year later you want to expand it and make it even more awesome. You call up Ms. Awesome and she is booked solid for 6 months, or worse the phone number doesn’t even work anymore because she moved to LA.

If you hire a firm then this issue is much less likely to happen. One, the firm isn’t going to change their phone number. Two, a good firm builds their apps and sites in a similar manner so even if the original developer isn’t available, another member of the team can pick it up without too much of a learning curve.

Offshoring: About 10 years ago the specter of offshoring scared a lot of US-based developers badly. How could we compete with a dude who has two masters and a doctorate in programming and charges $12.50 an hour?

Fast forward to today and we have our answer. A lot of companies, both big and small, thought the same thing and had their sites and apps developed overseas. In the end they were very unhappy. Why? A lot of reasons actually, but here are the big two:

1. Communication: While most people overseas that do this work speak English there is still a big problem of miscommunication. The reason lies in the subject matter. By its very nature, describing a design or workflow is very abstract. When a language is not your first or your primary language, these abstract concepts are very hard to get across.
2. Culture: There is no question that many of the developers overseas are amazing at what they do. The problem arises from the culture differences. What is beautiful and amazing here is plain and confusing in another locale. In a lot of ways, design is a lot like humor. A hilarious joke told here makes no sense abroad. This isn’t due to not understanding the language. It’s because we have different cultures and values, which creates a barrier when it comes to design and development.

How can I be sure that whoever I hire can actually do the work?

This is the most important question you will have when you are hiring someone to build something for you. Unfortunately it is the hardest as well.

Get them talking. The first question to ask a potential vendor is: “Have you done this kind of work before?” If the answer is yes, then get the details. A good firm will be happy (and often get excited) to talk about their past work. Their pride in a job well done will show through. If the answer is no, then that isn’t a deal breaker. A good development firm adapts and can truly build just about anything. So, if they haven’t built your type of project before, get them to talk about the wide array of stuff they have built. In the end, if they are the right team for you, then their passion will show through and will give you the confidence you need to hire them.

Get references and call them. When you were evaluating a firm you found some references. Now that you are deeper in talks with them get more, specifically from companies that are doing something similar to what you need, or, at the very least, something comparable in complexity.

Go deep. Passion is the key to a good team. A good firm eats and breathes this stuff and it will show. Talk about your project and see their reaction. They should be asking a lot of questions. If they are good at their job they will ask you questions about your idea that you haven’t even thought of yet, and make the system even better than you hoped.

Transparency. A good team has nothing to hide. Their proposal will be straightforward and probably pretty short. If there is a lot of legalese or flowery language about things that have nothing to do with your project then you should be a bit worried. Their deliverable are also a sign of how open they are. How often do they plan on giving you something? If a team doesn’t plan to show you anything until three months after the start of the project, that should raise a red flag.

Every company has their own way of communicating with their clients. Some may give a deliverable every month. Others may not show code very often, but they give regular status reports and screenshots. At Cii we deliver on a two week schedule. It may not be comprehensive or finished, but every two weeks we give our clients a distinct section of the project as well as a progress report on how the work, as a whole, is coming. If this schedule cannot be met for whatever reason, then the client will know about it beforehand.

Wrap Up

Once you have decided to bring in an outside company to help you with your application development needs there really is no way to overestimate how important it is to choose the right company for the job. We hope that these tips and suggestions are helpful to you during the deciding process. If you have any questions about this or any of our other topics, please feel free to touch base with us anytime.

Are you a small business owner or manager? Quick … go look at your website. Is it awesome? Does it represent your brand the way it should?

How about your internal applications? Are you still using that old Excel spreadsheet with 400 tabs and macros that no one remembers writing much less fully understand?

If these questions struck a chord with you, then it may be time to get some help to get your technology working for you rather than be a constant hassle and frustration. Deciding you need some help is the easy part … finding the right help? That can be tricky and a bit scary.

In this two part series we will answer some of the most common questions surrounding the process of hiring a website and application development firm.

• Can the work be done in house?
• Where do I find someone?
• What about freelancing or offshoring?
• How can I be sure that whoever I hire can actually do the work?

In this part we will tackle the first two questions. Ready? Let’s go.

As you can imagine, here at Cii, we get asked these questions almost weekly. Small business owners know they need help, but are petrified they are going to spend a lot of money and not get the results they want. This, sadly, is a common result, but it can be avoided if you ask the right questions.

Can the work be done in house?

One of the funny things about web development is that everyone has a cousin, friend, roommate who “does websites.” The best part is they do them for super cheap. We have had potential clients get downright angry at us because they know that they can get a great website from their best friend’s uncle for about $300 so we are obviously just trying to swindle them. To those potential clients we simply smile and wish them the best of luck.

As with most things, with design and development services you get what you pay for (up to a point, but that is a different article altogether). Creating a website or a mission critical application is a mix of both art and science. It takes years of work, practice, and trial and error to get really good at it. Is it possible that the uncle is a genius web developer? Absolutely, but odds are if he is, then he probably isn’t charging $300.

On the other side of the coin, if you have a designer/developer on staff, or even someone who aspires to be one, then it is often a great fit to have that person work with a group of professionals and learn from them so that, over time, they can pick up the skills needed to expand the project or simply maintain it. A good dev team will have the heart of a teacher and will be happy to answer questions.

Where do I find someone?

So you have decided you need some outside help now where do you find them? The easy answer is simply “google it,” but that is just the beginning. The Better Business Bureau is a great place to find a reputable company. Another good tip is to simply ask around. Look at your partners’ websites (heck, even your competitors). A lot of times the company responsible for the design will have a calling card in the footer.

One thing to keep in mind is that unless you have highly specialized requirements, it is always better to hire locally whenever possible. Why? Simple: you can build a relationship.

Being able to meet the team (or at least the team lead) face to face offers a ton of benefits. First, and foremost, being able to see and talk to a person creates a connection that just isn’t possible over the phone or with email. Also, it creates a much higher level of accountability. The brutal truth is, once you get to know a person, it is much harder to cheat them.

If you can’t find a local company for whatever reason, then it is important to dig a little deeper. Look at online portfolio, ask for references, ask a lot of questions. In the end, you need to be comfortable with the team.

Wrap Up

Hiring a designer or a developer is a big decision for any small business. The end result will greatly impact your business one way or the other. In part two of our series we will tackle the thorny issue of off-shoring development and how to determine whether the firm actually knows what they are doing. Hope you will join us.

It’s that green time of year again, and no, we’re not talking about leprechauns or shamrocks. This Sunday, April 22, is the 42nd annual celebration of Earth Day. Rallies will be held, trees planted, and speeches made. It’s a time to reflect on what steps we can all take o improve the care of our shared planet.

Here are some ideas we’ve found to get your business thinking about how to green up your Information Technology (IT).

Go Cloud

Yes, you already hear about the cloud constantly, but there’s a green effect to this tech darling you may not be aware of. As this infographic from our partner Rackspace explains, cloud technology can lead to improved energy efficiency as more data processing gets housed under one roof. Power, equipment, and spacial resources can be shared, and server utilization is maximized to an optimal usage.

There are still challenges on this front, with Greenpeace making waves just this week with its criticism of some top-named cloud suppliers on the state of data center energy usage. Still, the newest data centers being built are marking continual improvements in energy efficiency. Yahoo got high marks from Greenpeace for its building design that makes maximum use of outside air for cooling, Facebook’s Swedish facility is hydro-powered, and Apple’s newest data center (to be built nearby in Maiden, NC) has aims to be the “greenest data center ever built.”

If your business has been considering a move to the cloud anyway, know that the savings won’t just be in your pocket: they’ll be shared by Mother Earth as well.

Be Efficient

Speaking of savings, every company could stand to improve its bottom line in the present financial climate. So what’s an easy strategy to make your business IT greener, both environmentally and economically? Efficiency. It’s just one word with a big impact. Here are some ways your business can become more energy efficient:

• Take an inventory of the computers and other hardware your business uses. Are there better, more efficient models on the market now? Maybe it’s time for an upgrade.
• How about other aspects of your office, such as light sources and break room appliances? This time of year lots of stores host “green” sales events. Take a look into government subsidies for green improvements as well.
• If you’re fortunate enough to have a big window in your office, use natural light on a sunny day instead of flicking on the light switch. Also, look at how many devices you have drawing power. Is your phone still plugged in even after it’s fully charged?
• When possible, take the stairs instead of the elevator. You’ll be helping your health alongside the planet’s.

Get Involved

There are plenty of ways to get your business spruced up for Earth Day, and to save all year round. But it’s not something anyone can do alone. We at Cii coordinate with our partners to make the business IT world a better place, and we’re proud to work with some great corporations that have made big commitments to the environment. You can check out some of their initiatives (and get some ideas of things your business can do on a smaller scale) at their websites: Dell, Lenovo, and Microsoft.

Your local community might have some green works your business can take part in. Check into discounts your city might offer for efficiency, and be on the lookout for technology recycling events. The city of Raleigh is hosting several events for Earth Day this weekend, which you can find on Triangle.com.

We’d love to hear what your business, especially your IT department, is doing to go green this Earth Day. Leave a comment, or contact us on one of our social media channels.

Image Credit: NASA Goddard Space Flight Center. “Earth from Space.” Image. NASA Goddard Photo and Video’s photostream. Flickr. Web [http://www.flickr.com/photos/gsfc/6049973495/].

Nostalgia, like spring, is in the air. Viral videos envision what popular online services might have looked like in previous decades. Microsoft’s been publishing a timeline of computer security. The new Facebook Page Timelines allow companies to showcase their entire corporate history (including ours!)

Information Technology (IT) has certainly come a long way since the days of dial-up and DOS, so it’s not surprising that the question of how to manage that technology has become a widespread concern. Most small businesses aren’t able to hire a complete in-house IT team with the latest and greatest tools, especially not in the current economic climate. But they still have tech-related responsibilities: protect customer data, prevent system downtime, and comply with an ever changing regulatory landscape.

If it sounds like managing all these IT services is a full-time job, you’re right. Now ask yourself this question: can you do it and maintain your core business? Fortunately, there’s a viable solution small businesses can choose: IT managed services.

Just What is It?

Managed Services may sound like just the latest buzz word to cross your path, but it’s really not that technical (or expensive, which is the other big show stopper). A managed service provider is simply an outsourced IT team, one made up of qualified professionals with up-to-date equipment, who proactively monitor and provide support for your business technology. The independent security research firm Securosis has a great write-up of the value managed services provide, such as:

• Skilled staff made available at cost effective rates.
• Technology scaled to maximum potential.
• Risk shared for system security and performance.
• IT monitored beyond regular business hours.

Do I Really Need This?

Yes, you do. The days when you could count on being “too small to notice” by online threats are long gone, if they ever existed to begin with.

Here’s a great example of what we’re talking about: according to the Verizon 2012 Data BREACH Investigations Report, “the bulk of criminal activity targeting payment cards has shifted away from larger organizations to smaller ones, primarily because they can be obtained at a lower risk.” Why do cyber criminals want that info? Personal customer data enables them to craft phishing schemes to commit identity theft and fraud (see our series on Malware & Your Business for specifics).

Sure, we hear about big brand data theft all the time, even from the likes of tech giants like Google. These events make headlines, but have relatively little impact on how much people still choose to interact with that business (you did come to this article via a search, didn’t you?) These brands also have deep pockets from which to reimburse wronged customers and litigate against spammers.

In contrast, a small business’s life blood is the trust customers place in it. A data breach could destroy your credibility, perhaps permanently. Would you shop somewhere known as an easy mark, whether in the physical or virtual world? Should you expect any differently from your customers?

How Do I Sign Up?

Glad you asked. There are a lot options when it comes to outsourcing your IT to a managed service provider. Remote desktop and cloud services has created a competitive, international market. When researching your business’s options, make sure to look for providers who partner with recognizable names in the world of technology security, and who have a track record of successful client work they can direct you to.

While cost is obviously a concern, there’s a major advantages to be had from contracting locally. A firm like Cii Technology Solutions isn’t on the end of a tech support queue reaching across the world. We’re native to the Raleigh, NC area, able to come in person to your business, answer any questions you have or providing insight into problems you may not even be aware of. Our list of successful partnerships with companies like Microsoft, SonicWALL, and GFI means we know how to get you the maximum return on your investment.

Managed services can free up time and resources, allowing you to focus on what you really want to do: grow your business. Contact us to find out how you can get started.

Zombies are all the range now, both on the silver and the small screens (and the digital, and the mobile, and … you get the point). But even if you’re not packing heat for the zombie apocalypse, you need to be concerned about a threat that’s both real and lethal to your business information technology (IT): botnets. Falling prey to one of these infections could enlist your computer into a virtual army of the living dead.

First Blood

So just what is a botnet? Here’s a definition from Microsoft’s Safety & Security Center:

The term bot is short for robot. Criminals distribute malicious software (also known as malware) that can turn your computer into a bot (also known as a zombie). When this occurs, your computer can perform automated tasks over the Internet, without you knowing it.

Criminals typically use bots to infect large numbers of computers. These computers form a network, or a botnet.

Criminals use botnets to send out spam email messages, spread viruses, attack computers and servers, and commit other kinds of crime and fraud. If your computer becomes part of a botnet, your computer might slow down and you might inadvertently be helping criminals.

But just how does the zombie bug spread? Sometimes it’s through an employee falling prey to a phishing attack via email or social media. Or maybe the botnet creator squeezes through a weakness in a computer’s operating system or software (so-called “zero-day exploits”). A surprising number of these style attacks happen even after weaknesses have been identified and patched by software providers, due to computers that are not up-to-date on the latest security updates.

Regardless of the method used, the initial infection is just the beginning of your problems.

The Virtual Dead

For hackers, the value in a botnet is the large amount of processing power they now have access to. Botnet masters utilize botnets to perform a variety of malicious purposes, from simple spam to major digital attacks. Here are some infamous examples of the havoc botnets have caused:

• The “Storm” botnet at one point was believed responsible for about 20% of spam clogging up email inboxes, harnesing the power of thousands computers at its height. Thought to have been defeated by a Microsoft security tool in 2008, a similarly coded botnet sprung in 2010.
• Malware developers began ZeuS (also Zbot) in 2005, but it really made a splash in 2007 with attacks against the US Department of Transportation. It quickly moved to banks, and ensnared millions of victims via phishing. This keylogging trojan’s popularity soared after its source code went public online last year.
• A botnet that started in social media rather than migrating to it from email, the Koobface worm originated in 2008 and quickly spread by inviting victims to watch a video requiring additional plugins. The creators profited via scareware spam and click fraud, and though their identities have been outed, they continue to enjoy their ill-gotten millions.

It’s not even high-level hackers to worry about: botnet kits, complete with tech support and patches, are now available so that even those with limited computer skills can now fire away at businesses.

Fighting Back

So, what can your business do? It’s important, as always, for your business to install good firewall and antivirus protection, like that offered by our partner GFI Vipre. Keep track of the latest updates for all of your business IT and install them immediately to avoid malware that takes advantage of unpatched software exploits. If you notice your system growing unusually sluggish or recording odd actions, contact a security consultant to audit your IT for a botnet infection.

Also, educate your employees about secure Internet practices. Keep up with the latest phishing scams and send out that information. Make sure people know not to click on suspicious links or attachments, and that they know how to contact your IT security team (or the firm managing your security) if they’re asked to supply confidential information via email or social media. Due diligence with financial information is also important for recognizing and stopping a botnet.

The number of botnet attacks is only rising as the technology becomes easier to use and more people stay connected to the Internet via mobile devices. If you’re worried about the risk botnets pose for your business IT, we encourage you to reach out to a tech firm that specializes in handling these and other threats (we’d certainly be glad to discuss it with you).

If you’d like to learn more about botnets, check out this handy infographic from McAfee Labs, and consider subscribing to their botnet blog channel.

Talking about technology security risks in your business may conjure up thoughts of perimeter security for your server to protect it from outside attack. While that’s certainly part of any good security plan, focusing too much on outside threats may leave your business vulnerable to another pervasive problem: insider threats.

Your business technology is most vulnerable when it’s accessed by the very people you want (and need) to work with it. According to a 2010 Verizon security report, 85% of the data breaches involving insiders were by regular employees and end-users. The report contains this sobering anecdote about a U.S. bank:

The intruders started by stealing legitimate credentials to the bank’s ACH wire transfer portal belonging to three separate internal employees, who all received an e-mail from the “FDIC” on a Friday afternoon. The employees noted that the attached PDF file wouldn’t open correctly. The following Monday, several million dollars were wired out of the bank using the three employees’ access credentials.

Insider threats are real. What can your business do to protect against them?

User Roles & Permissions

Review how much access you grant basic employees. Is the default to grant them permission to information and/or systems they rarely need or use? That’s a security risk, and not just of the Wikileaks-type variety. If an employee’s password is compromised, the amount of access that password provides could make all the difference in how much your business IT may be attacked. As an article on SC Magazine explained,

It’s not just malicious malcontents intent on destroying the system who can cause havoc, but also the negligent, misinformed and downright nosey who can compromise sensitive data. In most situations it’s more often than not the case that such people have way too much privilege access – admin rights on the desktop, root password on server – for the role they are required to play.

According to the same Verizon report, inside attacks often involve “payment card data, bank account numbers, and personal information.” That’s bad new for your customers, and a public relations nightmare to boot. Here are some tips for monitoring user permissions:

• Knows who has access to the most sensitive information, and monitor how that data is used.
• Make sure your technology has safe guards in place against excessive access to secure systems.
• Keep permissions up-to-date with the latest personnel changes.

No Phishing

As explained in our earlier posts on malware, phishing is a huge problem. Scammers may pose as your own business security team, and they’re not just using email. Social media and mobile apps are becoming infected. A user action as seemingly benign as accessing a public wireless network with a company device may open your business up to attack.

These attacks have only grown more sophisticated in recent years, with the spread of so-called “spear phishing,” in which an individual is specifically targeted. Spear phishers trawl the web for information an employee has freely given out (such as through a social media account), then craft a legitimate appearing message to send to that person. The message may claim to be from the individual’s bank, employer, or even the government, and may lead to a website that mimics the entity’s login screen.

Protecting your employees from phishing is difficult, but not impossible. It involves a combination of user education and awareness, and security measures in place to limit access to high-risk web areas. It’s important for your plan to be two-fold because simply locking technology down may no help if there’s not employee buy in (Zdnet).

International Information Systems Security Certification Consortium (ISC²) executive director Hord Tipton has this advice on how to raise security awareness in your users:

… use real examples, especially from high profile cases, such as the RSA breach. In that case, four employees were targeted with an email attachment purporting to be a recruitment spreadsheet. Show people what they are up against and do it once a month, not once a year.

Conclusion

With insider threats, as with all security risks, the important thing is to be aware of the problem and have a plan to address it. Your business may wish to have a company perform an outside audit to determine where you’re vulnerable and what you problems you need to address. We at Cii Technical Services would be glad to help on that front.

To test your knowledge of the issue, and learn more about the facts surrounding it, try taking Network World’s Security quiz.

Image Credit: Office of War Information. “Listen! The enemy may be talking. Don’t talk! The enemy may be listening.” Poster. World War II Posters. U.S. National Archives and Records, 1941 – 1945. Web [http://research.archives.gov/description/514901].

But there’s another story about Internet piracy and online data that hasn’t garnered quite as much attention in the world at large, though it may be more relevant to the average small business. One January 19 the US Justice Department took a website called MegaUpload offline in response to charges that it was complicit in pirating. This website wasn’t a file-sharing system like Napster: it promoted itself as a legitimate “cloud” service to users, and a number of them have become worried that their legal digital property is now lost forever.

The Cloud Dilemma

This whole debacle sheds light on a critical aspect of cloud computing for your business: data security. It’s a world of extremes. On the one hand are businesses that refuse to trust any sensitive information to the cloud out of security fears, and on the other are those who embrace it without a thought to how to secure and verify their data.

It’s important to remember that the sky isn’t falling. MegaUpload was targeted by the Justice Department because the site allegedly obstructed efforts to take down illegal content and rewarded users who uploaded popular content for download. The terms of service users agreed to included a clause allowing the website to cancel service without notice. This situation is not symptomatic of the large majority of legitimate cloud providers.

However, based on the furor raised by users and small businesses who now face MegaUpload data loss, this situation does point out how many of these users failed to properly research and vet cloud storage options before trusting this website with their data.

So, if your business is considering a “trip to the cloud,” what steps can it take to avoid a MegaUpload-sized mistake?

Stairway to Heaven

One, take things slow. Ignore the hype and make sure your business takes the time to really think about whether it needs to fully embrace the cloud, go hybrid, or wait a while. Cloud computing is not a one-size-fits-all market. Research how your competition have handled this field; their successes and/or failures can help inform your decision.

Two, consider your security risk. This step is true even if you don’t think your business needs to invest in (or engages with) the cloud. Do your employees email sensitive documents to each other rather than download them from a central (“cloud”) space? That’s a security risk multiplied, since your email server now has multiple copies of this file floating around. What about downloaded information on a lost portable device? These security risks are real and your business needs a plan in place to securely manage document sharing, regardless of whether or not it chooses to engage a cloud service.

Three, thoroughly investigate vendors and their service agreements. Choosing a free or super cheap option may seem like a bargain, but what other costs do they entail? Will your data be used for advertising purposes, or potentially have outages without notice? How much support does the cloud service provide, and what guarantees does it make? What’s the company track record with data outages?

Four, make a decision and manage for the risks involved. Your business may decide to build its own private cloud if it has enough manpower and resources at it’s disposal, or it may decide the cloud needs more study and wish to engage the help of a trusted provider to wade through the options available (we at Cii Technical Services would be glad to help!) Regardless of what choice is made, though, security risk will still need to be managed. That includes spending time training your employees on how to securely work with your company’s and client’s data.

Conclusion

If you’re considering a cloud solution, Zdnet blogger Phil Wainewright wrote a great article on the subject with helpful tips called “Seven lessons to learn from Amazon’s outage.” Also check out these tips over at our partner Egnyte HybridCloud’s blog.

If you have specific questions on cloud security and risk management, feel free to contact us.

But Information Technology (IT) is not something a growing business can ignore, and that technology requires a capable and dedicated staff to work. So, how can your business meet the demands of technology and the bottom line?

Planning

The first thing any business should do when making staffing and investment decisions is to plan. What core strengths does your business focus on? Put another way, what do you want your business to do best? Whatever the answer is, that’s the area where your business should devote the most time and resources. Technology could very well be that answer, and so your company may need to look at how to grow its internal IT staff and infrastructure.

However, perhaps that’s not the answer for your business. A biotech start-up or banking outfit may rely on technology to further its goals, but neither business would probably see IT as the end result of its commercial existence. Your employees’ area of expertise may be in a specialized field that isn’t directly tied to IT requirements, and your company may not feel it needs a large IT staff.

But even businesses in seemingly non-tech industries might be surprised at the IT demands placed on them from employees and customers. Mobile computing and the rapid adoption of smart devices (like phones and tablets) have begun to shape certain technology expectations for businesses, and while cloud computing is certainly a hip way to store data, “limited IT skills are holding many small businesses back” from enjoying the benefits of virtualization (CIO).

Comparing

Knowing your business needs to invest in IT staffing is one thing, but accounting for the cost is another. Once you get past the “two computers in a basement” phase of a company (or even the “my cousin can handle our technology” growing pains), you have to seriously consider filling critical (read, “expensive”) IT positions.

However, not investing in these human resources can mean lost productivity and headache in other areas, as a 2010 USA Today article titled “Small-business owners might need outside help with tech” explained:

About one-quarter of small-business owners handle tech support for the entire company themselves, according to the NSBA [National Small Business Association] report. They’re taking on duties such as upgrading software, overseeing hacker- and virus-resistant e-mail systems and updating Facebook pages. But IT experts say those already overburdened owners should consider seeking outside assistance.

So the big question is: hire in-house staff, or outsource it? There are pros and cons to both sides of that argument, and one answer won’t fit all circumstances. Major companies hire in-house IT staff because they offer value in terms of being readily available to fix problems and having an inside view of the company. Often these companies have the luxury of hiring staff with both technology and business backgrounds, and can afford to continually train them in emerging technology.

Smaller businesses may not have the margin to hire adequate staff to cover all of their (often growing) IT needs, or to offer continuing training in the form of conferences and workshops. The advantages these businesses might get from an outsourced IT staff would be access to well-trained professionals who are on call for their needs based on the service contract signed, and who bring vast experience to your bugs based on the other clients they serve. There’s also the cost savings of not having to pay a full-time salary or benefits.

When we talk about outsourcing, we don’t necessarily meaning calling a foreign country. There are many companies right here in NC that are able to provide IT staffing solutions for your business, with a range of pricing and service options to fit your business needs. Hiring a local IT staff means the computer doctors can even perform house calls when needed (provided that’s in your contract). Here at Cii Technology Solutions, we not only offer tech support but the experience and partnerships to help plan your future business technology needs.

Another option altogether is to outsource some technology needs while keeping others in-house in a personalized hybrid model. Even if your business chooses to outsource most of its IT staff, chances are you’ll have at least one person delegated as the liaison between your employees and the IT firm. Having at least one person on staff with a good grip on technology (especially the technology appropriate for your business) can make a big difference in making sure your business keeps on target with its IT goals.

Deciding

Only you can answer the question of what IT staffing solution works best for your business. It requires careful planning and consideration of the choices available. PC Magazine has an excellent article that could help your business start this process, “When to Outsource IT.” Or, if you’d prefer to hear about outsourcing IT staff in NC, you can contact us at any time for a consultation.

Above all, remember that technology is a tool that should be used to further your business, not the other way around.

Image Credit: Terber, Martin. “Cockpit Poser.” Photograph. Flickr, 5 February 2007. Web [http://www.flickr.com/photos/jesuspresley/384080245/].

In the first part of our series (“Malware & Your Business: Viruses, Intrusions, and Phishing“) we looked at the online threats facing businesses today and what cost they really have. Today let’s look at the brighter side of life: stopping malware in its tracks. With all the threats facing your business information technology (IT), it’s important to have a wide arsenal of tools available.

Intrusion Prevention

Sounds like the sort of thing a movie spy would talk about, right? But we’re not talking about guns or barbed wire. McAfee Labs defines intrusion prevention as:

A preemptive approach to host and network security used to identify and quickly respond to potential threats. An IPS [Intrusion prevention system] monitors individual host and network traffic. An attacker might carry out an attack immediately after gaining access, so an IPS can take immediate action as preset by the network administrator.

Intrusion prevention can take many forms. One of the most prevalent (and necessary) means of detecting and preventing intrusions are firewalls.

Nowadays, this protection is more than a virtual security fence. Changes have come to the office business environment; not only are the threats more sophisticated, but the number of devices connected to your network, and how information on those devices is accessed, has changed dramatically. Firewalls have adapted to these changes, and now offer “the incorporation of content-based security technologies … identifying threats within the application content,” as a vice president for security and threat management provider Fortinet explained in SC Magazine.

At Cii Technology Solutions we enjoy a successful partnership with SonicWALL. This company offers firewall and intrusion prevention services as part of a unified network security strategy. We’re not the only ones who think so: the company has been nominated in six categories for the SC Magazine IT Security Awards, in which it won last year for Best Web Application Firewall, and just this month won silver in the Enterprise Hardware Category of the Tech Awards Circle (infoTECH News).

If you’d like more technical information on understanding the different intrusion detection and prevention systems out there, check out the “Guide to Intrusion Detection and Prevention Systems (IDPS),” published by the National Institute of Standards and Technology (NIST).

Antivirus Protection

By now most people know that they need good antivirus software to keep their technology safe from malware. But the options are vast, and your business probably needs a different kind of protection than your home computer. So, what characteristics should you look for?

• Threats don’t care about company size, and so you should expect your antivirus software to face just as much junk trying to get in as your (perhaps larger) competitors. Make sure the product you choose has a team behind it focused on keeping track of the latest viruses out there, and that you have access to frequent patches and updates.
• Protect everything that accesses your network, rather than just the desktop computers. With greater adoption of mobile devices and cloud computing, businesses need antivirus that monitors all different types of malware.
• Knowing when things go wrong is just as important as guarantees that things are going well. There may be a time when no matter how many safeguards you have in place, a breach of your network happens. Choose a vendor with a good track record of alerting its customers when such an event occurs and helping them recover.

You can read more about what to consider in an antivirus solution in the information put out by GFI Software and McAfee Labs, two of our trusted partners in protecting business IT.

User Education

Last, but certainly not least, is the need to teach your employees the basics of IT security. Sure, you pay good money for quality IT protection and support. But even the best defended fortress is still vulnerable to threats from within. Targeted attacks and spear phishing campaigns mean that hackers may gain access to your network via your own users.

What can you business do?

• Make sure that anyone who accesses your business network is trained on sound, safe computing practices, especially regarding email and social media use.
• Develop and promote policies for potential security risks, like employee-owned devices that access company data or downloaded software on business computers.
• Let users know about the latest threats circulating in the wild, and provide them with tools to quickly alert security personnel when a problem arises.

Users shouldn’t be the weak link in your security plan. Instead, train them to be network defenders.

Image Credit: Ivan, Widjaya. “No phishing!” Photograph. Flickr, 5 December 2011. Web [http://www.flickr.com/photos/28288673@N07/6457165789/].

Junk email, or “spam,” is the bane of almost every email user’s existence. It’s an old problem dating back to the beginnings of the Internet, with the first known junk email sent out in 1978 (The New Yorker). Despite some victories, such as the recent lawsuit won by Internet giant Yahoo! (Naked Security), spam continues to spread rapidly around the world.

More than a mere annoyance, spam can have real costs for your business. Servers may struggle to deliver legitimate email when deluged with spam. Time and resources are eaten up when employees spend half their time deleting unwanted messages. Even worse, there’s the real threat that spam may infect your business technology with viruses and become part of the problem. Some malware incorporates infected computers into a botnet system, using your own computer to send out the very junk you want to stop.

But you probably already know spam and junk email is a bad thing. The real issue is how to get rid of it. While there’s no “magic bullet” available, there are several steps your business can take to stay ahead of this problem.

Spam Filtering

Spam filters work by scanning potential email for a list of preprogrammed parameters to determine if the message should wind up in a user’s inbox or not. These parameters may include

• “white” list: addresses the user trusts to send email,
• “black” list: addresses known by the filter to have been guilty of sending spam in the past,
• rule-based rankings: email is checked for words and phrases commonly used in spam,
• SMTP verification: check whether email is sent from a valid address,
• country-based filtering: block email from certain countries suspected of sending spam,
• challenge/response systems: sender must pass a verification test to send email.

While almost all major email providers (Hotmail, Yahoo!, and Gmail) have their own spam filter systems, a business email account should have a spam filter that is pertinent to that company’s needs. For example, if you do work with a lot of oversees clients, country-based filtering could end up blocking non-spam customer emails.

Making the right choice and setting the right defaults will require due research on the part of your business. Here at Cii, we partner with two companies that do a great job at getting rid of junk email for business clients: Sonicwall and McAfee MX Logic.

The Final Defense: Education

One final note on the dangerous nature of spam: even the very best filters may accidentally let some unwanted mail through. The number one vulnerability your network faces is the very people who have access it: you and your employees. That’s why it’s so important that your business keep everyone educated on how best to recognize and avoid potential traps. Good primers on the subject can be found in these articles from IT Security: “The Essential Guide to Spam Control,” and “Is It Real or Is It Spam?”

If you have any questions on how to better protect your business email from spam, please don’t hesitate to contact us.