A question that seems to come up a lot lately with clients, in some form or fashion, is “How should I properly budget for IT expenses?” While this is a great question, there are a lot of variables that determine the answer, so I can’t provide a “one-size-fits-all,” simple answer. However, below are some general guidelines that should help you figure this out:
- Hardware Refresh. No one likes the cost of a network upgrade, but it IS necessary approximately once every 3 to 4 years. PCs and servers older than that tend to run slow, crash frequently and generally become more expensive to fix and support than to replace. Therefore, your budget should include an IT refresh of all equipment every 3 years to be on the safe side.
- Maintenance. There is no “set it and forget it” when it comes to network maintenance. With cyber criminals becoming more sophisticated and aggressive, you MUST constantly monitor and update your network against cyber-attacks, malware, data loss, etc. A good general rule of thumb is $400 per month for each server and $100 per month per PC.
- Data Backup. Another expense you must account for is backing up your data to an offsite location (often called “cloud backup”). Since all businesses generate MORE data year after year, the backup will grow. Start by assessing the growth of your data over the last couple of years to uncover a trend. From there, forecast those additional expenses going forward at the same rate (don’t expect this to stay static year after year).
- Expansion. Another factor for your IT budget is upgrading software, line of business applications, CRM systems and accounting packages that can no longer support your growing company. As your company grows, systems, processes and data become more complex, requiring more sophisticated (and often more expensive) software and systems. Make sure you are looking ahead year upon year to see this coming and to properly budget for it. There’s no “magic” formula for this because the timing and cost of your upgrade are unique to your company, situation and what you are trying to accomplish.
Here’s an important question about your finances with a shocking answer: If a cyber-criminal were to gain access to your company’s bank account and steal all of the money in it, could you get it back? In many cases, the answer is no.
Many small business owners falsely believe they are protected by Federal Deposit Insurance Corporation (FDIC) laws and that the bank (or Federal government) would replace money stolen by a thief. Not so. The FDIC protects bank accounts against bank failures, not theft or embezzlement. So if your money is taken by a criminal—be it a completely anonymous person or even a “trusted” employee or vendor—the bank is not responsible for replacing the funds.
What’s really concerning about this is the fact that online criminals are becoming more and more sophisticated in their attacks. Criminals are also targeting small businesses since they are the “low hanging fruit”—small businesses often don’t have the security systems in place to prevent these attacks.
One Real Example That Cost One Business Close To $100,000
Sign Designs Inc. is an electric-sign maker in Modesto, California that had almost $100,000 stolen from their account by an unknown group in Eastern Europe. The first sign of trouble was a phone call from Bank of Stockton, their local community bank. It had just received a call from Chase Bank’s anti-fraud team regarding a $9,670 electronic payment to a Chase customer in Michigan. The owner confirmed he had not set up or authorized that payment, and when he looked further, he discovered that 17 similar transactions had already been processed the previous day from his bank account.
Although the owner’s bank notified all the banks that had received the funds, a large chunk of the money had already been withdrawn by “money mules” (people who launder money for online criminals, usually in Eastern Europe). The biggest problem for Sign Designs is that the Bank of Stockton isn’t accepting responsibility for the losses, claiming its systems were never breached. Hackers had planted a malicious program on the computer of Sign Designs’ controller and used that program to steal his online-banking credentials. The bank also points out that Sign Designs failed to implement proper security measures on its network that might have averted the losses.
How To Protect Yourself
- Keep Your Network SECURE!
Hackers are focusing on small business computer networks because they are far easier to crack than a bank’s network. Weak passwords, out-of-date anti-virus, security patches that aren’t updated, and unmanaged (or non-existent) firewalls are the simple security checks that hackers are counting on you to neglect. Don’t be an easy target! Of course, our clients know that we’re watching over their network and making sure the gateway to their data is safe.
- Educate Your Staff
While up-to-date anti-virus will protect you against a LOT of threats, it’s not 100% effective in protecting you. That’s because the most common way criminals access financial accounts is through e-mail: phishing scams, malware attachments in documents or links, or brute-force password guessing/reset attacks. The first two are made possible through human error: employees or trusted account holders “giving” hackers access by accidentally downloading malware, typing passwords in an e-mail, clicking on a link in an e-mail they believe to be safe, and so on. That’s why it’s important that anyone accessing financials should know NOT to click on strange links, open questionable attachments or send any account information via e-mail.
- Talk To Your Bank
Find out exactly what their policy is for fraud and what you can do to prevent problems. Ask your bank to set up “dual controls” on your account so that each transaction requires the approval of two people. You might also establish a daily limit on how much money can be transferred out of your account, and require that all transfers be prescheduled by phone or confirmed via phone call or text message. If possible, impose restrictions on adding new payees.
- Watch Your Account Daily
You should also get into the habit of checking your accounts daily at the end of the day and notifying your bank immediately of any questionable withdrawals. Money is laundered quickly; the sooner you catch the mistakes, the better your chances are of recovering the funds.
- Make Sure Your Accountant Has Proper Security Controls
If you have someone doing your payroll and/or accounting, make sure they are following the same strict security procedures as your own computer network. Sign Designs was hacked when criminals accessed the controller’s PC and used his credentials to make the transfers. Therefore, it’s essential that any and every employee, vendor or person accessing your financial accounts is following even tighter security controls on their PCs or other devices used to log into your bank, credit card account, etc.
If you’re not certain your computer network is secure from these attacks, call us for a FREE Network Security Audit and find out for sure if you’re protected…or not: 917-685-7731 or e-mail: firstname.lastname@example.org
Here are a few simple things you can do to prevent your server and network equipment from overheating and crashing:
- Tidy up the server room; a neater room will increase air flow.
- If you have more than one server, arrange them in a row so that the cold air comes from the front and is expelled out the back.
- Keep the doors to the server room closed and seal off the space.
- Make sure cold air reaches all the equipment.
- Have a redundant A/C that is specifically designed for computers.
- Buy a rack enclosure where the cooling is built in to the bottom of the rack.
- Keep the temperature at no more than 77 degrees.
- Use blanking panels over any empty spaces on your server rack.
- Consider virtualization so you are generating a lower amount of heat in the first place.
You hear it all the time from us—back up your data, keep your virus protection current and install and maintain a firewall to protect yourself from hackers and other online threats. However, while these precautions will certainly help you avoid problems, they CAN’T do anything if you don’t have a good backup and disaster recovery plan in place.
Are You A Sitting Duck?
We all know that an ounce of prevention is worth a pound of cure; yet, disaster recovery planning often takes a distant second to the daily deadlines and pressures of running a business. That means that most businesses, including your own, may end up offline and without important data after a simple lightning storm.
Don’t think that could ever happen to you? Consider this: “data-erasing disasters” can also take the form of office fires and broken water pipes, not just earthquakes, floods and tornadoes. If a fire started in your building, the parts that weren’t burned beyond recovery would probably be destroyed by the firemen’s efforts. But even more common are software corruption, hardware failures and human error!
7 Disaster Recovery Questions You Need To Answer
A disaster recovery plan doesn’t have to be complicated, time-consuming or expensive. Start by asking yourself the following questions…
- Do you back up your company’s data daily to both an onsite and offsite location?
- Are you absolutely certain that your backup copy is valid, complete and not corrupt? How do you know for sure?
- If disaster strikes, HOW would you get your data back, and how long would it take? In many cases it takes days and often weeks; what would you do during that period of time?
- Do you have copies of all the software licenses and discs in a safe location that could be accessed in the event of having to rebuild your server?
- Would you and your employees have a way to access your network remotely if you couldn’t get to the office?
- Do you store important passwords in a secure place that company officers can access if you are unavailable?
- Do you have a UPS (uninterruptible power supply) device in place to keep your network and other critical data operations running during a power outage?
Call 917-685-7731 to schedule your Disaster Recovery Assessment so we can be sure you are ready BEFORE a disaster ever strikes.