The Savvy CIO

The business world is waking up this month. Is your IT infrastructure ready to support the incoming upswing? How can you prepare while still being cautious about expenses?

We’ve collected our posts about how to perform your own IT assessment into a single, downloadable document. We cover the key issues involved in twelve types of critical technology, including common mistakes, best practices, and our recommendations from years in the IT trenches. The technology considered includes:

1. Malware and Anti-Virus
2. Firewalls
3. Content Filtering
4. Physical Network
5. Internet Connection
6. Email & Collaboration
7. Wireless Network
8. Data Backups
9. Data Repositories (including servers)
10. PCs
11. Printers
12. Remote Access

Download it. Copy it. Share it with a colleague or your IT guy.

We’re committed to seeing small businesses reap the real benefits of IT, instead of seeing IT as a cost center or necessary evil.

Click to download the guide here: Highland Solutions IT Assessment Guide.

This is part 12 of a series on IT Self-Assessment for small businesses. We’re providing information and guidelines for a simple IT check, giving you the ability to gain free insights into how your technology can serve your  business better. Each post covers a critical area of technology.

Remote Access

Function & Value

Remote access enables users to access programs and files stored on a PC or server in your office when they are not physically in the office. Remote access can allow for a flexible work schedule, cover mistakes when a file or task is forgotten, and help you accomplish an emergency weekend task without an emergency weekend commute.

There are two common ways to provide remote access: VPN (virtual private network) and Remote Desktop. A VPN uses a piece of software on an external PC to connect with a VPN concentrator (often a firewall) inside the office. Remote Desktop runs on an external PC and connects with appropriate credentials to a PC inside the office.

External access is required for most businesses, but it can pose significant risks to your network. Here are the most common problems and how to avoid them: read more »

This is part 7 of a series on IT Self-Assessment for small businesses. We’re providing information and guidelines for a simple IT check, giving you the ability to gain free insights into how your technology can serve your  business better. Each post covers a critical area of technology.

Communications: Wireless Network

Function & Value

A wireless network allows wireless enabled devices like laptops and PDAs to easily gain access to the Internet or your local network without the expense or tangle of Ethernet cables.

Why do you need a wireless network? Wireless is more flexible and less expensive than a wired network and can be ideal for small or mobile offices as a primary network. Wireless also makes your office hospitable to guests needing access.

Why don’t you need a wireless network? Unlike wired networks, you cannot control how far a wireless network extends, so your network can be accessible from the parking lot or the office next door. Wireless is also much more difficult to secure than a wired network, and poses unique security challenges.

Wireless isn’t right for all businesses. If you already have a wired network, don’t add a wireless network unless there is real need.

If you do have or require a wireless network, pay attention to the following common problems and best practices. A compromise of your wireless network can be crippling to your business.

read more »

This is part 3 of a series on IT Self-Assessment for small businesses. We’re providing information and guidelines for a simple IT check, giving you the ability to gain free insights into how your technology can serve your  business better. Each post covers a critical area of technology.

Security: Content Filtering

Function & Value

A content filter is a piece of hardware or software that acts as a screen between the Internet and your users. The filter uses pre-set and customizable categories to prevent access to types of web sites. The least aggressive filters block only malicious sites, while the most aggressive allow only approved, work-related web sites.

If your organization provides Internet access to minors, you need to know the legal requirements of Internet content filtering.

We advise every organization to use content filtering to block malicious websites. How content filtering is used beyond that depends upon weighing the pros and cons of filtering.

What kind of content filtering is right for your business? read more »

This is part 2 of a series on IT Self-Assessment for small businesses. We’re providing information and guidelines for a simple IT check, giving you the ability to gain free insights into how your technology can serve your  business better. Each post will cover a critical area of technology.

Security: Firewall

Function & Value

A firewall is the gateway into your network, controlling all inbound and outbound access to and from the servers and PCs you control. A firewall provides the ability to securely access PCs and servers remotely, which is good for telecommuting employees as well as rapid response from your IT firm. Firewalls also often include anti-malware protection, anti-spam abilities (if you host your own email), Internet content filtering and broadcasting for wireless Internet access.

A firewall is the most important piece of your business’ security technology. Underpowered firewalls or wrong configurations can leave your network and data exposed. Here are the common problems we see with firewall use, as well as best practices.

read more »

This is part 1 of a series on IT Self-Assessment for small businesses. We’re providing information and guidelines for a simple IT check, giving you the ability to gain free insights into how your technology can serve your  business better. Each post will cover a critical area of technology.

Security: Malware and Anti-Virus Protection Overview

Function & Value

Malware and Anti-Virus Protection is software that monitors individual PCs for viruses and other malicious programs that may attempt to invade or infect your network. This type of software regularly updates itself with the most recent information about viruses and malware. If it detects an intrusion, it responds by destroying or quarantining the virus, stopping it from infecting the PC or spreading to other computers.

Malware and Anti-Virus Protection functions like a security firm for your house. Its value is in preventing costly damage and disruption.

Let’s take a look at common problems and best practices in protecting your company from malware and viruses.

read more »

Twitter, media darling that it is right now, is logging a bit of bad press for having company documents stolen.

The short version is a hacker got into an employee’s web email account, and from there was able to access information stored in Twitter’s Google Apps account.

Depending on where you read the story, the spin is:

Twitter has serious security issues (partially true)
Cloud computing is unsafe (mostly false)
Someone needs a better password (clearly true)

The real lesson to be learned here is be extremely cautious with your email. Think about it. Virtually everything online is linked to your email account.

Are you equally vulnerable?

read more »

Smart phones are everywhere. In 2008, nearly 90% of respondents to a survey said they accessed email or company information on a smart phone purchased either by their company or themselves.

How many people in your company are now carrying emails, files, passwords and network access around with them 24×7?

Mobile connectivity increases responsiveness and productivity, but have you adequately addressed the security risks these devices bring?

The main risks you should be aware of are:

• A lost/stolen device or memory card with information stored on it
• A lost/stolen device with the ability to access the company network
• Interception of data over WiFi or 3G networks
• Interception of data over Bluetooth connections
• Departing employees with un-wiped mobile devices they personally own
• Lack of clear ownership of the phone number (if the phone itself is used for business)

What can you do to minimize these risks?

• Require passwords/PINs on all devices
• Use encryption for files and storage cards (this can require third party software)
• Restrict what software and which employees can connect to your network from a mobile device
• Use SSL encryption when setting up email accounts
• Use centralized solutions tied to your email/collaboration system that have remote-wipe capabilities
• Provide clear policies and training for your staff
• Include mobile devices with access in your end-of-employment security checklist
• Be sure you have ready access to carrier and account information

Are you aware of other risks or solutions when it comes to mobile devices?