Get in Touch

As an IT Managed Service Provider (MSP) we are regularly meeting with and consulting with various businesses in the SMB space. From manufacturers to not for profits, all declare that they are 'not tech savvy' people as they venture away from the comfort of what they know and understand. This self declaration often leads people into decision making patterns which greatly limit their capacity to make clear, confident decisions.

There are 3 common mistakes people make when evaluating and investing in technology and IT providers. All 3 ultimately stem from wanting to protect the business from being misled or oversold. All 3 however come from the false assumption that not being 'tech savvy' puts the buyer at a disadvantage. The truth is that investing in technology and/or a new provider is a business decision, not a technical one. As such, a business leader should be well equipped to make confident decisions provided they are put in the right context.

In this article we would like to highlight these common mistakes and our advice on how to overcome them.

 

Mistake #1

Not evaluating the value of the objectives in mind

Many businesses understand when they have a problem with IT, but fail to spend the time to evaluate what that problem means to the business. Likewise many business owners are aware of gaps in their providers services, but don't evaluate what the business is missing out on by those gaps not being filled.

Most often this is due to poor consulting & advisory services on the part of the IT provider. In any case, all business leaders should be able to ballpark the value of certain issues and lost opportunity. Failure to do so results in impossible decisions being made, often leading to under investment and ultimate failure of the initiative.

As an example, in a business with 20 staff, would you invest $50k to upgrade technology that will increase speeds and reduce user frustrations?

If your answer is a straight forward yes be sure to give us a call, but all jokes aside this is an impossible decision to make. What will the increased speeds mean? In what way does improving staff satisfaction improve the business? Without exploring these effects you cannot easily determine the right course of action.

As a consequence, many business leaders feel 'forced into' IT spending based more on the implied seriousness by the vendor, rather than quantifiable commercial measures. This commonly leads to the seeking of alternative quotes and lower cost implementations of the 'same thing'. Further complicating the decisions and leading to underwhelming results.

Alternatively, what if you were faced with a decision to invest $50k to upgrade technology that will allow you to save 30-40 hours a month of lost productivity, reduce staff turnover and attract top talent. What if those same improvements also allowed you to shorten turnaround times with clients, improve your customers experience and attract more referrals. Such a change could be worth $200,000 a year to the business, which would not only make this purchase a no brainer, but could warrant even more investment.

The point is you can't evaluate ROI without understanding the potential return. Not being tech savvy should not preclude you from making sound investment decisions.

We would recommend any organisation seeking to change provider or invest in a major upgrade to first spend some time with internal stakeholders brainstorming the 'what ifs' and benefits that would justify a change. This need only be a 30 minute meeting, but simply defining some goals will make evaluations significantly easier and more effective.

 

Mistake #2

Evaluating pricing irrespective of capabilities

It's amazing how often we get asked 'how much do you charge for your services?' before we have been asked anything about what our services are or include. It's unclear why this is but whatever the reason, it is generally counter productive.

Such questions further anchor the persons thought processes and lead them away from logical decision making. It is almost laughable when someone objects to higher pricing immediately following their negative review of the incumbent provider citing being poorly trained, poorly resourced and slow to respond to issues. In reality, skills, experience, and capacity are directly related to cost. Whilst sometimes possible, it's generally accepted that you need to invest more to get better outcomes.

Whether it be a new car, a kitchen appliance or a drink in a restaurant, it doesn't make sense to start with price. You should first assess what you need, find an option that best suits those needs and then be willing to make sacrifices depending on cost constraints and/or diminishing returns.

This behavior is a common cause for businesses repeating past mistakes. To reference one of the most misquoted and overused phrases in business; repeating the same thing over and over and expecting different results is the definition of insanity.

 

Mistake #3

Looking for similarities, not differentiation

It's incredibly common to hear that someone is looking to compare 'apples with apples'. This approach is undoubtedly taken to simplify decisions around complex offerings. This however is contrary to the fact that decisions are only made easier when there are clear differences between options. By restricting the scope to a set of common attributes, options tend to look very similar, making choices harder.

This also feeds the untrue narrative that all providers are kind of the same. As a result, many people believe MSP's are best evaluated according to comparable attributes such as price, company size, response times and industry experience. In reality these attributes are only indicators and have no direct effect on results, service quality or inherent capabilities.

Suppose you were after a new car with an automatic transmission, cruise control, reversing camera & automatic wipers. If you decided to blindly evaluate vehicles based on these attributes you would soon find yourself in a difficult situation. Compatible solutions could include compact hatches, SUV’s, vans, and luxury sedans. All things being equal you would only be left with price as an evaluator; most likely selecting the one just a little more than the cheapest. Congratulations, your new daily city driver is a commercial van.

Of course this example is a little ridiculous, but it hopefully provides an adequate analogy of how dangerous it can be to focus on minor factors. Instead you should look for differences in capabilities, approach and results delivered to customers as it pertains to what you are looking for. Rather than asking if they are familiar with Microsoft 365, ask what challenges they have seen clients have when adopting 365. Avoid easy to answer yes/no questions like 'can you help us with advice?' and instead ask what approach they would recommend towards creating an IT roadmap.

These sorts of questions will give some insight into the MSP's inherent capabilities and work culture. Just like interviewing for a new hire, you should focus on understanding their traits, personality and fit with your business rather than simply their quantifiable achievements.

 

Summary

In summary, all of the mistakes above are not exclusive to technology decisions, they are simply more common when people feel out of their element. Technical decisions are ultimately business decisions. If you're being presented recommendations in overly technical language and are finding it hard to make decisions, you may need to make a change to either your perceptions, or the provider you're working with.

At Sensible, one of our core value propositions is in helping businesses make better business decisions. There are several elements to our service delivery model that allow us to make this happen. If you would like to gain a different perspective or learn about how your business could work differently with an alternative approach to IT then please get in touch.

Simply give us a call or book a time directly here: https://calendly.com/ray-sweeney

As we are all still trying to understand what the lasting impact of the COVID-19 pandemic will be, many organisations are taking a hard look at their operating costs and looking for potential cuts. Protecting cash flow is vital right now. At Sensible we want to help you implement strategies that can help reduce your IT costs and set you up with a system flexible enough to support your business through the many changes (or pivots) you might be making to position yourselves to thrive through it all. We want to offer you guidance and support through these times, and potentially help you save some money.

Step 1- Do an Internal Audit

Take a look at your current technology solutions. Take stock of everything you are paying for and ask yourself these questions:

• Is this the right system for my business? Does it accomplish all I need it to?

• Are we currently utilising all the tools we are paying for? Can we cut any?

• Do we lack internal processes? Are there ways I can improve efficiency and save our employee’s time?

Step 2- Cut Any Redundant or Unnecessary Services

The easiest way to reduce costs is to get rid of what’s not working. Many companies have a habit of purchasing a new tool or service to meet an immediate need. Little do they know they usually already have a tool that could meet that need, it’s just not being used properly. Here is a free tip: Do you have Office 365? Most companies get this package so they can use programs like Word and Excel, but don’t fully utilise the other apps that come with it. Microsoft teams can easily replace Slack and Zoom, and Sharepoint or OneDrive can do the job of Google Drive and Dropbox. You’re already paying for Office 365, and the tools themselves are more powerful, providing integration of your information and files across all the apps. You might simply need some training or guidance on how to implement these tools into your business processes, and we can help with that.

Step 3- Evaluate Whether It’s Cost Effective to Manage Your Own IT

Is IT your core skill set? Will you ever be as efficient and skilled as a complete team of specialists? Often your time will be better spent doing what you are best at, then wasting countless hours trying to learn an entirely new skill set. Additionally, can you really afford not to do IT the right way? Payroll and training costs alone can be a nightmare. Outsourcing a portion of your IT needs to a 3rd party resource like Sensible can help you simultaneously improve your technology management, and potentially save money. If you’re currently relying on an internal IT manager or a small internal team, are they struggling to keep up with the tsunami of complex and ever-changing technology needs and services? Important competitive projects may be delayed while your team has to complete training, and you become the test environment for their new skills, increasing your risk. Sensible offers a full-service solution for your IT needs, resulting in a higher standard than most organisations can achieve in-house.

Step 4- Don’t Pay for Quick Fixes, Invest in A Reliable Solution

How does your current IT resource handle your technology needs? Are you currently working with a “break-fix” style of management, where you pay for problems as they occur whether or not they happened before? Or are you paying a predictable monthly fee for a process that analyses your business, looks for opportunities to improve your staff productivity and tries to prevent problems in the first place? We believe you should engage a provider like us, who trusts their systems to offer you unlimited support for a fixed fee. Those quick fixes add up quickly, and with the right solution, you can eliminate them.

Step 5- Plan for The Future, Secure Your Information

As we are working remotely, it is more imperative than ever to understand how to protect your data. Protecting your finances, your reputation, and your Intellectual property can be costly, mainly if not implemented properly. However, it is even more expensive if you don’t protect them adequately at all. Adhering to compliance regulations can be costly and often means implementing and maintaining a stringent security infrastructure- do you have the expertise to do this most cost-effectively?

We could cover many more steps to take, but these are the areas where we think you can make the most impact on you and your business. If you’re hesitant about tackling this problem on your own, that’s okay! We encourage you to contact Sensible. We can help you identify these problems and guide you on how to solve them. Give us a call!

As you begin to move your company away from a physical infrastructure and into the cloud, it's important to make sure that proper security policies are in place. While you may have a general information security policy, don't think that absolves your organisation from the need for a specific cloud security policy. The dangers that come along with using cloud software or infrastructure are markedly different than those of the typical security concerns encountered by most organisations.

1. The biggest risk for most cloud applications is a breach of the cloud provider's security. Your sensitive data could be leaked.

Take the recent Ashley Madison dating website hack - it is believed that 252,000 people in Sydney alone have had their private details leaked.

There is no real way to create a policy averting this risk, so the ideal solution is to look at things from the perspective of risk management—all cloud providers need to be evaluated for risk, based on their history, the architecture they use, stated security measures in place, and the value or risk of data being stored on that cloud platform. Do they encrypt their data? Do they offer dual factor authentication?

2. The second biggest risk for organisations is employee negligence and inappropriate cloud usage. Curbing this risk requires several steps. First is identifying a point person in your organisation, usually the IT manager, who will evaluate cloud services and approve or deny requests to use certain cloud providers. Next, employees need to be informed that they are not to use cloud services unless they have been vetted and approved by the point person. Third, employees need to be trained on how to identify security risks themselves. Finally, organisational data needs to be stratified by level of security it requires, so that cloud services can be evaluated for certain levels of security. For example, while one service may be perfectly fine to temporarily store or transport low–security information, it might not be secure enough for high–security information. Employees must be made aware that using cloud services is a major risk, and not to be done without authorisation.

All cloud policies should integrate a worst–case–scenario plan. This can include plenty of redundant backups in case the cloud service storing your data goes down. It should also include a communication plan to inform your clients and customers in the event of a security breach at your cloud service provider.

Cloud services can offer your business a lot of flexibility and significant savings, but unless they are approached in a methodical and cautious manner, they can result in significant risk. A good cloud service policy is the biggest step towards minimising this risk.

Contact your IT Manager to ensure they have implemented the right risk reduction techniques that put you back in control and let you implement and enforce the policies you want.

Life at Sony Pictures Entertainment Inc. is slowly getting back to normal after becoming the victim of one of the most malicious cyber attacks in history. Sony's employees arrived at the office on November 24, 2014, to find the image of a red skull on all of their computers. The foreboding image came with a warning saying that the company's secrets would soon be revealed.

As part of an investigation into the attack, the company discovered that hackers made off with more than 100 terabytes of confidential files. The attackers also deleted the original copies of these files and wiped Sony's internal data centers. They destroyed 75% of the company's servers and used file-sharing networks to publicly release a huge amount of the stolen information.

The list of released files featured corporate documents, private emails from Sony executives, and details about salaries and bonuses. It also included the usernames and passwords of hundreds of employees, as well as personal information, such as their social security numbers.

In addition, the attackers stole a number of movies that were scheduled for release in theaters during the 2014 holiday season. They posted these films online, hitting the company even harder.

Following the attack, Sony shut down nearly all of its global IT infrastructure. This left the company's employees without any voice mail, corporate email, or production systems.

Sony's problems didn't end with the attack on its systems. The hackers, calling themselves the "Guardians of Peace," threatened to attack theaters if Sony went ahead with its planned Christmas day release of "The Interview," a comedic movie depicting the assassination of North Korean leader Kim Jong Un.

Shaken by the security breach and the threat of attacks against theaters, the company initially decided to cancel the movie's release. A wave of criticism followed the move, and Sony was forced to change its stance. The movie was ultimately screened at a limited number of theaters, and made available online by the company.
The Hackers and Their Suspected Methods

It remains unclear exactly how the attackers managed to break into Sony's networks, though security experts suspect that a specific type of malware was used to steal the data and erase the original copies. It is believed that the attackers first stole the login credentials of a high-level systems administrator working in Sony's IT department. Using this information, they were able to access the company's entire network.

The US government has stated that it believes that North Korea was behind the attack, with the FBI releasing the IP range from which the attack originated, leaving little room for doubt as to the source.

Sony's Attempts to Regroup Following the Attack

Sony clearly didn't have a disaster recovery plan. After discovering that it had been hacked, the company shut down its entire local system, rendering its landline phones, computers and corporate email system inoperable.

The company's senior executives used a phone tree to relay updates from one person to the next. More than 6,000 employees were forced to use cell phones, Gmail accounts and notepads to remain operational. The payroll department had to use an old machine to manually issue paychecks instead of using its electronic direct deposit system. The company's network remained impaired for weeks.

A Long List of IT Failures

The attack on Sony exposed its poor cyber security practices. A lack of IT training, strong password protection protocols, and file encryption technology played a role in Sony's faulty operations.

The company's employees used easy-to-guess passwords, such as "password" and "s0ny123." The passwords, along with other important data, were all stored in one place. This made it remarkably easy for the hackers to gain access.

In addition, Sony executives sent plaintext passwords in unencrypted e-mails. The company also failed to encrypt sensitive materials related to some of its employees, such as salaries, revenue numbers, medical information, and strategic plans. Without encryption, this information was relatively simple to steal.

A large part of this IT mismanagement stemmed from a lack of knowledge and preparation. Sony failed to implement company-wide protection measures or develop an adequate computer training program for its employees.

According to the company's former employees, Sony repeatedly ignored warnings about specific vulnerabilities. While the company did carry out risk assessments, it rarely acted on them.

Physical security was another major problem for the company. According to a statement made by one of the alleged hackers, the company did not have the most basic physical security parameters like locked doors, CCTV cameras, or proximity card readers.

It appears that Sony also failed to protect itself against social engineering. Several media reports have suggested that the hackers tricked some executives into revealing passwords. The attackers also allegedly convinced some sympathetic employees to help them.

The Keys to Better Cyber Security

According to security experts, Sony's haphazard practices are commonplace in the corporate world. Both multinational conglomerates and small businesses are equally vulnerable in this regard. Abandoning these ineffective policies are crucial to securing a company's IT infrastructure.

Basic precautions are vital, especially when it comes to physical security. Even the little things, like failing to lock a door, can have a huge impact on cyber security.

Simple mistakes are prevalent in the digital world as well. These include using obvious passwords, repeating passwords, or sending passwords via email. Using encryption and password managers can help companies eliminate these costly errors.

Hackers are becoming more and more sophisticated in the level of their attacks. In light of these new and dangerous threats, companies must have up-to-date, comprehensive anti-malware and antivirus programs.

Finally, companies should educate their employees about IT. An awareness of these issues, along with the help of outside experts, goes a long way toward preventing attacks.

For those of you that know me, you will know that I am a massive football (soccer) fan.
So, when we were approached last year by their Chief Executive, Lyall Gorman, to assist the new Western Sydney Wanderers A-League club with their IT, I was chuffed.

This was a brand new business with no office location, no staff and no football team with the season kicking off in a matter of a few months.

Now look what s happened the impossible!

In their fairy-tale maiden season they finished as premiers of the league and have a fan base that is the envy of any sporting team.

Lyall s executive assistant, Fiona Gibson takes up the story:
It was in October last year that we gave our information technology requirements to Sensible Business Solutions. We were a brand new business in a competitive market and we just need our technology to work. Sensible understood our brief, took control and did everything, amidst the whirlwind of moving and fitting out a brand new office in Blacktown.

Kevin Spanner and his team at Sensible Business Solutions designed a full technology solution and undertook the project management of our new infrastructure.

The Sensible Project Team assisted the architects with office design, then set up our internet, network, all our servers, computers, photocopiers, messaging systems, membership photo ID system and scanning equipment. They managed contract negotiations for our phone and internet services, organised third party partners and liaised with site contacts.

We saved time because Kevin and the team were in the background sorting out any IT concerns and it was reassuring to know the expert team were in control. Sensible were given an up & running date and the team worked to enable the smooth operation of the set up so that we could continue business as usual and concentrate on our football operations. It was comforting to know that Kevin and the team were only a phone call away and always contactable.

The Sensible Team facilitated the smooth migration from our temporary office systems to our new environment which included all our email, files, settings and internet connectivity.
Sensible effortlessly co-ordinated this medium size enterprise environment with the extra challenges of a mobile workforce that need to connect to key systems internationally. Kevin and the team conducted our site relocation after hours so that we were able to finish work one afternoon and were up and running the next business day in the new environment.

The Sensible team have also been asked to provide an ongoing IT support service for our business, providing help desk and ongoing maintenance functions to keep our systems running optimally. This means that we can concentrate on running a football club and let someone who knows IT the best do the rest.

Sensible made our business their priority, making sure the project ran smoothly. We are glad they are the single point of contact for our entire IT and communications systems.

We like to think, that in a small way, we have helped the Western Sydney Wanderers achieve their amazing success.

Imagine what you could achieve with your business if you could focus on what you do best and have an experienced, full-service IT team with proven systems manage all of your IT operations?

If you would like us to take an obligation free look at your systems, call Sensible on 1300-SENSIBLE.

Kevin Spanner
CEO Sensible Business Solutions

Sales
Support
Email
Sensible Business Solutions © 2022 All Right Reserved
Privacy Policy
magnifiercrossmenuchevron-down