Getting Your House in Order as You Move from Recovery to Operations

The recovery is coming. Slowly but surely, businesses are trying to get back to normal and focusing on a strong year-end and a better 2021. But before you do, it may be time for a bit of self-reflection. Things have been great for so long, you may have gotten a bit complacent, milking growth and living as usual. But the shock to the system provided by the recent pandemic and lockdowns may be a sign that it’s time to think of your next steps.

Following our last article on some of the technological challenges you may run into during the process of phasing in employees and restarting your business, we would today like to explore some of the ways to clear a path for takeoff.

From managing your current financials to planning for a variety of scenarios over the next 3-6 months to exploring ways you can modify your operations to focus on business transformation, smart decisions early on can go a long way in establishing resiliency at your business. Today, we discuss some of the steps you can take to fortify your business against present and future threats.

Take a Deep Look at Your Business

Hard times create or reward strong business models. It’s a lot harder to see gaps in your business when things are going well. With GDP growth more than 4 percent in the past few years, growth just came naturally. But the past few months presented economic adversity for the first time in a while.

Lessons Learned from Two Decades Back

Think back to the dot-com bubble, a time when internet companies could essentially launch a website, prove growth, and have investors beating on their doors. Especially during the ramp-up, no one really looked at how these companies spent their money. But when reality hit, it hit hard.

But take a look at some of the notable companies at the heart of the bubble, many of these companies had good ideas. While there were a lot of questionable ones, there were also a lot of players before the crash that delivered services you don’t think twice about using today. You could just as easily be watching your favorite gamer streaming on pseudo.com, posting hot takes to theGlobe, holding virtual meetings on Radvision, or connecting with suppliers on Traxex, VerticalNet, or PFSweb.

Part of this boom was built on impressions. Rather than focusing efforts on delivering for customers, improving (or even building) the product, or investing in talent, these companies put more effort into hosting lavish parties to announce the launch.

The crash hit and within months, tech companies either ended up folding, getting acquired for pennies on the dollar, or going under the radar for a while to focus on value. It resulted in the move to agile in the space, and set up a lot of case studies for the last decade of tech companies to learn from.

The Same Goes Today

Even if you’re not in the tech space, the lessons from the dot-com bubble still hold true. Smart, future-proof strategies and good business models are timeless. Being able to understand your business, deliver results, and focus on what improves both is critical.

Forging into a Recovery Starts with a Better Understanding

The challenges presented during the lockdowns have probably put stress on your company. Money may be tight, and it may feel like you’re starting all over again. So where do you begin?

Assess Your Business Model

One of the first steps as you push towards a new business model is to look at how everything about your business works together, determining if you need to make any changes in processes. Start with the key performance indicators that define success and tailor your business around improving specific models.

Not sure where to begin? Check out these guides including Key Performance Indicators for Manufacturing and Key Performance Indicators for Distribution. From here, take steps to establish change management metrics. Is a customer segment looking more lucrative in the next few years? Now is the time to make the pivot to serve them.

Ensure the Financials Are Ready for Anything

One of the hardest parts of the recovery process? No one knows the degree or speed of the bounce back. Business owners sound optimistic, but you can’t assume that. Begin by planning around a few recovery models in the second half of the year, running analyses that include acceleration, slowdowns, and consistent revenue flows.

Depending on how things look at your business, this is also the time to look at funding options. Maybe this includes renegotiating credit agreements, seeking new funding or credit, or finding grants.

Take a Look at Your Revenue Model

Paired with the aforementioned business model analysis, you may also want to look at the way your goods and services are sold and offered. Is there a way to make the money go further? Would a change in pricing model help you spur your recovery? These and other approaches need to be aligned with your business goals and put you in a position to achieve them.

Consider a Technological Update

Whether it’s measuring KPIs, planning and analysis built on a variety of scenarios, or understanding what’s working at your business, the right technology can go a long way in taking you there. Not only does it deliver more powerful analysis, it’s also a switch that might be easier now. People have already spent the last few months changing the way they work around the business, so why not offer a change that will help them do more?

Learn More: Five Companies Who Kept Their Business Running Smoothly

Despite the move from lockdown to reality looking less like flipping the switch and more like accelerating, resilient businesses who turned to the cloud either before or during the lockdown have been reaping the rewards. A recent Acumatica blog discussed how some of the companies who did embrace the cloud made it work.

Ready to learn more about empowering your employees no matter where they stand? Read How 5 Acumatica Customers Keep Business Running Smoothly from Anywhere, download the free IDC report discussing how the cloud enables business resiliency, and contact us for more information.

Gaining Momentum before the Recovery: Preparing for a Safe Return to Work

The last few months have been, for lack of a better term, a wild ride. This isn’t to discount the challenges that you, your family, your employees, and your business have faced, but when you look at things like the stock market, retail spending, and confidence reports, there is optimism for the post-lockdown world. But you didn’t get this far in your career through blind faith in macroeconomic trends or surveys. You know that success is built on pragmatism, planning, and performance.

Your Journey Back to Business as “Usual”

Understandably, the same goes for your business’s recovery plan. There are many steps you’ll need to take to combine planning with action, optimism with caution, and the safety of your workers with the sustainability of your business.

Rather than thinking about the speed with which you get back to full capacity, you need to think about the steps involved and explore how to efficiently take such steps. Can you afford to take the step today or will you have to wait another month? Can you readjust your office to fit ten more people, or will that put them at risk? Should you go so far as to change your business model, pricing strategy, or vendor relationships? All valuable questions you need to ask.

That said, there’s not exactly a lot of time to ask them. Lockdowns could have lasted for months longer than they did, which would have put you in a different position than you are today. But with even slow-to-recover states jumping on board with the recovery, it’s safe to assume that you can start opening your doors to a few more employees, customers, and dollars.

So, as phases go from two to three or three to four, how can you build up your momentum while keeping a wary eye on your business to avoid any backsliding? Today, we explore a few tips for making that a reality.

Technical Challenges That May Emerge During Phased Reentry

The last thing anyone needs right now is a second lockdown. With articles coming out predicting that to be the case, your number one priority should be to avoid letting your workplace become ground zero for a new outbreak. From cleaning to distancing, you will need to take steps to prevent this.

This starts with the adoption of new practices focused on a combination of cleaning (removes dirt and germs), disinfecting (kills the germs), and sanitizing (lowers the number of germs). Develop a regimen that involves each. Learn more about some of the practices from the CDC.

Whether it’s a change in work schedule, a new floor plan, or temporary closure of common areas, communicate with your staff how their lives will change. No more water cooler (literally or figuratively), no more coffeepot, and maybe even a reimagined break process.

Technical Challenge: Hybrid Work-From-Home and a Single Source of Truth

The most likely scenario will be a phased recovery plan that allows for some employees to work from the office and others to work from home. In turn, for those companies using desktop software or who relied on limited access to software over the last few months may face challenges when half the office is back at the office. This may result in delayed decisions or slower processing—as those at the office have the instantaneous processing and those still at home might be minutes (or more) behind.

Technical Challenge: Easier to Call in Sick—But What About the Hardware?

When the first symptom is a dry cough, it’s better to be cautious. Luckily, we’ve gotten accustomed to working from home, so for most businesses, it’s okay to be overly cautious and allow sick days. Ensure you’ve communicated explicitly about how employees should report to human resources if they become sick or start experiencing any symptoms.

Unfortunately, for those legacy companies who had to buy new laptops or take hardware home to access on-premises software, this makes for a challenging time. Employees probably had to bring back the devices they used—and now those whose cough might have simply been the result of cold are left out of the loop. Luckily, for those companies in the cloud, it’s simply log in and go.

Learn More: Five Companies Who Kept Their Business Running Smoothly

Despite the move from lockdown to reality looking less like flipping the switch and more like accelerating, resilient businesses who turned to the cloud either before or during the lockdown have been reaping the rewards. A recent Acumatica blog discussed how some of the companies who did embrace the cloud made it work.

For example, C&O Nursery improved customer relationships without missing a beat.

“Before, if we were out in the field and a grower said, ‘By the way, do we have XYZ variety?’, we would call into the office. Now that we’re cloud based, we can actually log in, look at our inventory, and answer that person within about three minutes with an accurate answer,” says CEO and President Todd Snyder in the company’s customer success story.

Ready to learn more about empowering your employees no matter where they stand? Read How 5 Acumatica Customers Keep Business Running Smoothly from Anywhere, download the free IDC report discussing how the cloud enables business resiliency, and contact us for more information.

Additional Acumatica Resources

What is the Total Economic Impact of Your ERP?

ERP Evaluation Checklist: 5 Important Things to Consider

Why Every IT Executive Needs Cloud ERP Software

Summer Storms Shouldn’t Take Down Your Servers

Summer means power outages. That can mean a data center outage; but it shouldn’t. All businesses should have appropriate disaster recovery plans to keep them functioning through power outages and other incidents that take down systems.

A disaster recovery plan includes the steps needed to bring information systems back online, but it isn’t just a copy of the daily runbook. The plan needs to document:

  • Inventory of systems affected. Both hardware and software resources should be identified.
  • Risk assessment and prioritization. Some systems can have downtime without major impact on the business; others serve critical business functions and need minimal downtime. Analysis should rate each system’s level of risk and its importance to the business.
  • Recovery objectives. “As soon as possible” is not specific enough guidance for the IT team. In order to appropriately design a recovery procedure, the business should define a recovery time objective (RTO) and recovery point objective (RPO) for each application. These numbers tell the IT team how long an application can be down and how much data the business can afford to lose. With those numbers in mind, the technology team can implement high availability and backup solutions appropriate to the business needs. Without those numbers, IT has no choice but to overspend and provide high availability to all applications or underspend and fail to provide applications the support they need.
  • Recovery procedures. Because teams shouldn’t need to scramble to figure out what to do in the middle of a crisis, the plan should include specific details of the recovery process. It’s particularly vital to include dependencies to ensure systems are brought up in the appropriate sequence. Also critical is documenting the process to check out the restored servers and verify that they’re up and operational with the correct data.
  • Recovery personnel. Include a list of key contacts and their backups. Also document responsibilities, including who has the all-important authority to invoke the recovery plan.
  • Fallback process. Recovery may include bringing systems up at another location; eventually, they need to be restored to the normal production servers. In many ways, this process is the same as the recovery process, just to a different set of machines, but any special considerations should be noted.
  • Impacts on business processes. It’s possible that some recovery procedures will change the way the business needs to perform certain operations. For instance, you may opt not to have secondary servers for a low-priority process and to switch to a manual process in case of failure.

Once the recovery plan is developed, it needs to be tested to ensure that it works. It’s surprising how easy it is to leave important systems and important steps out of the plan! Only testing can provide the reassurance that the plan will be effective. Tests can be as simple as a tabletop read-through, but full-scale disaster simulations that execute the documented processes are the most robust way to test a disaster recovery plan.

Finally, the plan needs to be kept up to date to reflect changes in IT resources and business processes. It’s a good idea to update the plan as part of your change management process whenever a new system or device is deployed in production. Annual reviews, coordinated with an annual test, are also effective.

For more guidance on developing an effective disaster recovery strategy, contact CCS Technology Group.

Additional Disaster Recovery Resources

5 Disaster Recovery Disasters to Avoid

Make Sure Your Disaster Recovery Plan Isn’t Just Words on Paper

Craft An Effective Disaster Recovery Plan

Searching the Dark Web Should be Part of Your Information Security Strategy

Peering into dark corners can be scary, especially when it’s the dark corners of the web. If you’re concerned about whether company data has been exposed on the dark web, you have to go looking for it, but you need to do it carefully. There won’t be blinking signs lighting the way to your stolen info, and if you aren’t careful, you can even draw unwanted attention. Nevertheless, there’s more risk in ignoring the shadows than in checking to see what they’re hiding. Here are some things to keep in mind:

Checking the dark web lets you know if you’ve been victimized

Every business is vulnerable to attack, but it isn’t always obvious that an attack was successful. Because hackers often post stolen data on the dark web, finding it there confirms that you’ve been attacked and lets you know what sensitive data was taken. You can then focus your security efforts to change those stolen passwords and increase security where you were vulnerable. While some of that new security is reactive, knowing what’s on the dark web can identify new threats and let you be proactive in adding security measures, too.

It isn’t easy to find your data

There’s all kinds of stolen data available on the dark web, but it isn’t easy to access or to identify where it came from. In addition, there may be data about your business on the dark web that wasn’t stolen but can still make you more vulnerable to attack. Some data on the dark web may even be completely innocuous. You can easily waste a lot of time trying to find data and then figure out whether what you found is significant.

You can make yourself more vulnerable when you explore the dark web

The queries you do when you search the dark web can leave a trail the bad guys can analyze to learn more about your IT resources. It’s important to be smart about exploring the dark web to make sure you learn more than you reveal.

What are the kinds of things you should look for on the dark web? You’ll want to search for data that reveals the inner workings of your business, plus sensitive information about customers. This includes data about your executives, including their personal information and information about their activity outside of work. Customer data, including personal data and account information, is also online. In addition to data about people, there may be data about systems, including helpful hints on how to set up fraudulent accounts or bypass security measures.

You may want to look for more than lists including name, address, account number; there’s code on the dark web, so it’s worth looking for proprietary source code along with other intellectual property.

Protect Your Business With CCS Technology Group

Protecting your business requires knowing what data has made its way onto the dark web. CCS Technology Group’s dark web scan provides a safe way to peer into dangerous places on the web and gather the insights you need to protect yourself from further damage. Contact us to learn more about why exploring the dark web should be part of your cybersecurity strategy.

Additional Dark Web Resources

Is the Dark Web All Bad?

Discover the Dangers of the Dark Web

What is the Dark Web and Why Should We Care?

Decision Maker’s Guide to Vetting and Selecting an ERP Solution

Following our articles discussing the challenges that growing businesses face when using desktop accounting software when they should be embracing ERP, we would today like to explore a few tips to make the selection and decision process easier.

Catch up with our accounting to ERP series by reading our latest posts: The Hassles of Using Desktop Software in a Socially Distanced Business, Never Let a QuickBooks File Size Hold You Back: Grow with Confidence in the Cloud, and Are QuickBooks Workarounds Putting Your Business at Risk?

It Starts with Getting Users on Board

Getting from accounting software to ERP is rarely an easy task. Your people are used to a specific operating environment. The workarounds that we mentioned in our last blog have become a way of life. Your employees, who may be resistant to change, will say that the hiccups and hassles are just ‘quirks’.

However, this is a challenge you can overcome. Getting users on board starts with talking to them about their opinions and thoughts on how to better the current processes. Find out what the pain points are from each department that uses the current accounting software, evaluate which software and users would be brought into a larger ERP solution, and ask how you can help.

This will help you to not only drive the point home that there are better solutions out there, but will also inform your decision.

Use the Pain Points as a Guideline

With so many solutions available to you, the number of options available to you may seem overwhelming. This is even harder for companies who haven’t gone about a move from single-focused products to comprehensive solutions. It may feel like every product is better, but few are perfect.

Some solutions are better tailored to your processes than others, some have a flatter learning curve, and others deliver more customization and configuration. With user critiques in mind, you have a reasonably nebulous picture of your needs, and can generally piece together a dozen options.

Take Advice

ERP is a big market and in turn has spawned its own cottage industry of analysts and review sites whose goal is to help you understand your move. These companies are built on their word, and take steps to minimize bias, vet reviews, and take their own approach to evaluating solutions.

In jour journey from accounting software to ERP, you’re going to want to take the advice of the analyst reports and reviews to understand metrics for evaluation, reasons behind the decision, and recommendations from those who are in the know.

Analyst Reports

In the same manner that software vendors compete for customers, analyst firms need to provide value for those who pay to commission or reproduce the report. Often, this means that each analyst firm will take a unique approach to the way they look at software using clearly defined metrics to create an apples to apples comparison. Additionally, these reports often discuss broader market trends that can be used to understand which platform fits into their criteria.

Here are just a couple examples:

  • IDC MarketScape Reports: Compares vendors on their capabilities and strategies to determine which vendors are leaders, major players, contenders, and participants. Their recent report, Worldwide SaaS and Cloud-Enabled Operational ERP Applications 2019 Vendor Assessment, evaluated 14 firms and provided in-depth analysis of each. Read more about this report here.
  • ERP Technology Value Matrix: Written to evaluate vendors on two criteria (usability and functionality), the ERP Value Matrix explains how easy it is to get up and running with a solution and how much it delivers. Written by Nucleus Research, this can help you understand whether the software has a steep learning curve and whether or not it makes your job easier. Read more about this report here.
  • Gartner Magic Quadrant: A report on the health and future of the ERP vendors you’re evaluating, this takes a broader view of the companies themselves, looking 15 criteria to determine a company’s ability to execute and completeness of vision. Get to know more about the latest Gartner Magic Quadrant here.

User Reviews

Though your processes may be unique in total, it’s likely that each process has been tackled by a system before. With thousands of companies having used each of the solutions you’re looking at, it shouldn’t be hard to see if a solution has been configured to the way you work. This is where user reviews come in.

User reviews are vetted for accuracy and honesty, often discussing the company’s journey to the solution and aftereffects of installing. Here are just a few places to look:

Bonus: Analysis Based on User Sentiment

One analyst firm went further, consolidating user reviews to create an emotional footprint, exploring how well a company delivers on user expectation. The Info-Tech Enterprise Resource Planning Emotional Footprint Report provides a comprehensive evaluation of popular products in the Enterprise Resource Planning market. This buyer’s guide is designed to help prospective purchasers make better decisions by leveraging the experiences of real users. Learn more about this report and download it here.

Test the Solution

Given that most ERPs do most basic business processes equally well, the important functionality differentiators are at the fringes – those functions and needs that pertain to your industry and your specific business. But the best way to see what this means is to get in the weeds.

Separate out and review the systems that have a solution for your industry. There are a number of software selection services and websites available that can help you whittle your list of candidate systems down from hundreds to a manageable handful. Your goal at this stage is to identify your “short list” of no more than 3 to 5 candidate systems that fit your needs. You should be able to do that in your review of the systems targeted at your industry.

After cutting down your list, begin to explore product demos. Discuss with your vendor and potential partner the things you want to see in a demo including the most important functions so that anyone who might use a product can see it in real time. You’re in control here, so ensure that before the demonstrator leaves, they show you everything you need to see.

Seek out a Partner

If you’ve made it this far, there’s one more decision to make—who’s going to help you get up and running. Though many ERP vendors offer internal implementation teams, these are rarely the top-tier partners for your business.

The implementation partner industry is built on personalization, local service, and customer focus. As they have dedicated teams to implement and support customers, these partners often make it easier to implement, configure, and tailor your solution than the internal vendor resources. For example, companies like Acumatica rely exclusively on a partner network to do this work, focusing the internal teams on innovation and giving you the focus that you can only get from a local partner.

The Right Partner Helps You Go Further: Just Call CCS

When companies move from accounting software to ERP, they are making a big decision that will impact the next decade of operations. The right partner can build, configure, and deliver the solution you need now and in the future, and if you’re looking for a local partner with the skills and expertise to make your ERP journey a reality, look no further than CCS Technology.

We were founded on the principle that technology should make it easier to run your business, and have spent our time in this industry ensuring our clients realize this.

We invite you to learn more about your journey from entry level to the cloud by reading Seven Signs You Need ERP Software5 Benefits of ERP for Accounting and Financial Management, and How to Improve Efficiency with a New ERP Solution. Read to learn even more? Contact us for a free consultation.

Avoiding an Implementation Plot Twist: Beware the ERP Predator

Whether you have kids or just enjoy movies from Disney and Pixar (don’t lie), you’ve probably seen a trend in their story writing over the last decade, the twist villain. The twist villain (surprise antagonist) trope exists when a character is expected to aid the heroes, only to show their true face later in the movie. From Charles Muntz in the movie Up to Hans in Frozen or Lotso in Toy Story 3, these characters were made to subvert expectations.

A well-executed twist villain delivers an exciting surprise for viewers. A poorly executed one was either far-too-obvious, weakly written, or both.

“That’s great and all,” you may be telling yourself, “but what does this have to do with IT services or ERP implementations?” A lot more than you think. ERP implementations are already risky, stress-filled, and costly enough when everything goes smoothly. But now, imagine that the company you trusted to improve your business starts to hit you with surprises, predatory practices, and traps that you weren’t prepared for.

Analyst Report Asks: Partner or Predator?

While this is great for a movie villain, it’s not so great when your ERP vendor or partner—companies you intend to work with for the better part of a decade—flip the script. If your goal is to avoid surprises, you need to be able to tell who’s looking out for your best interests before you even reach Act I.

Luckily, a recent report from Techventive, Inc. set out to show you some of the best and worst practices that potential technology partners may practice so that you can enjoy a plot twist-free ERP project.

Cultural Fit: An Often-Overlooked Factor in ERP Decisions

When you’re looking at ERP, you have a lot of questions to ask. Does the software do what it’s supposed to? Is it easy to learn? Does the vendor put a lot of effort into improving the software? Is it going to help us remain compliant? You might even look at the history and financial stability of the company to know whether they will be around.

Unfortunately, many overlook how a company acts towards its customers, developers, and channel, leaving decision makers blindsided and projects in limbo.

The Face of a Predator

Like the twist villain, the true face never shows until later in the story. In Toy Story 3, Lotso was simply a soft and soft-spoken bear who managed the toys at the daycare—until the truth was revealed that he had a dictatorial rule over the toys. Much like his backstory, your vendor may appear friendly, but deeply rooted in the company culture is a dark truth.

Techventive notes that you should look at the following four areas and ask whether the following are true:

  • Pricing Problems: Is the vendor reluctant to discuss prices until late in the buying cycle? Are the prices only available after signing a non-disclosure agreement? Have customers reported that these prices change frequently—either in the form of insane discounts during the first year, price increases that exceed business growth, or pricing that never seems to come down even if it should?
  • Usage Audit Aggressiveness: Does your vendor aggressively audit its customers’ usage? Many do—and it’s not to protect themselves. In fact, one of the largest vendors has a separate sales unit whose only goal is to push additional products when they see infractions.
  • Contract Confusion: Contracts are essential to the purchase, but not every contract is created equal. Too often, a predatory vendors true colors shine when it’s time to sign—and you’re presented with a hundred-plus page contract rife with ambiguous terms and the right to change their end through unilateral updates.
  • A Legacy of Litigation: Contract lawyers know everything in their contract and put it there for a reason. If a vendor is writing a 100-page contract that is going to change constantly, it exists because of precedent and power. Many clauses were likely added after these companies were sued for their own failures and are used to ensure the same thing doesn’t happen again.

Looking at each of the above factors, how many of these are you going to see during the early phases of your selection process? One? You can look up court filings—if the lawsuit didn’t end up getting settled or dismissed in arbitration. The rest only come up after you’ve put hundreds of hours and thousands of dollars into the selection process.

How to Avoid Becoming Prey

The thing about predators? Their priority is their next meal. These are the kind of companies who want a short-term relationship with your company—but a long-term one with your checkbook. Partners, on the other hand, work hard to prove themselves to you day in and day out.

Whether it’s something as simple as providing transparent pricing in the early stages, writing a service-level agreement that puts customers in control, or has actively built a customer-focused culture, these companies talk the talk and walk the walk.

Acumatica and CCS: Your Partners for the Long Road Ahead

Surprises are great in movies. Conflict is a necessary plot driver, and you pay to see a hero triumph over adversity.

But these are the last things you need in an ERP implementation project. Surprises turn into missed deadlines, cost overruns, and poor performance. Conflict often results in legally binding decisions, and the implementation process itself already gives you enough adversity. An ERP decision is already an exciting time for your firm—you don’t need it to be any more intense than it already is.

If you’re seeking a vendor who walks the walk—and a channel partner who’s committed to delivering on their promises, look no further than Acumatica and CCS Technology Group. When you partner with Acumatica, you know what you’re going to get—it’s enshrined in their Customer Bill of Rights.

When you entrust CCS Technology Group to get you there, you can expect IT support that’s responsive, effective and convenient. After all, technology should make it easier to run your business. We believe in only making promises we can keep, building trust in every interaction, and consistently evolving to better serve you. It’s these core principles that have gotten us here, and these core principles that will help us last for decades to come.

We invite you to download the entire Partner or Predator report here, read about how Acumatica makes good on their promises by reading their Customer Bill of Rights, and get to know about other firms who have made the move.

Contact us to learn more or see a demo of Acumatica.

Two Numbers to Keep in Mind When You Think About Information Security

Any business that still thinks it doesn’t need to invest in information security needs to take a moment and consider two numbers:

  • When a test placed a new server online, it took only 52 seconds before hackers attacked it.
  • The average cost of a data breach in the United States is $8.19 million.

Can you afford to lose more than eight million dollars in under a minute? No matter what your business is, it’s at risk, and protecting networks, data, servers, and other corporate IT resources need to be a priority.

Developing an effective information security strategy is complicated. To get started, focus on critical categories:

1. Credentials

Credentials are the keys to the kingdom, so keeping them safe is priority one. This is both a technological and a human factors problem. You can use technology to require strong passwords, to implement two-factor authentication, to limit privileged access, and to leverage role based accessed controls, among other methods, to ensure that credentials are assigned, protected, and verified. Users need ongoing training in safe computing, to ensure they know how to create and protect passwords, use mobile devices safely, and avoid falling for phishing emails.

2. Data

While some hackers are intent on destruction, most are after data. Make sure data is protected both at rest and in transit through strong encryption. In addition, protect your data from ransomware by implementing a reliable backup and recovery process. You can also consider using tools such as data loss prevention software and cloud access security brokers to stop data from sneaking outside your corporate network.

3. Servers

Servers are most often vulnerable because they’re using out of date software that hasn’t been patched. For security reasons, it’s important to use supported software and to apply all vendor patches as soon as possible after they’re released.

4. Network

The network is where intruders find the front door to your systems. Firewalls and other tools help keep hackers out. Other tools, like data loss prevention software, help keep important data in. Your internal network design is also an important security measure; proper segmentation and use of internal firewalls can keep intruders who make it inside your perimeter from accessing the most sensitive data.

5. Cloud

More and more company IT resources reside outside the corporate walls and in the cloud. Keeping data in the cloud secure requires action by the cloud provider and also by the data owner. Improper cloud configurations can accidentally make data publicly accessible. Consider using a cloud access security broker as an additional control over access to data in the cloud.

Don’t Get Caught Playing Catch-Up With Your IT Security

CCS Technology Group offers information security services to help businesses reduce the potential risks and costs of a data breach. Contact us to learn how we can help you protect your data.

5 Cloud Migration Mistakes to Avoid

Getting to cloud successfully can be a big challenge. Increase the chances of success by taking steps to avoid these mistakes when you plan your cloud migration:

1. Thinking too small

Migrating a workload to the cloud requires understanding that workload in detail, but it’s a mistake to focus only on individual applications or datasets. All of your cloud migration work should be guided by an overall cloud strategy. The strategy should determine how you select cloud resources and ensure that your end state in the cloud is efficient from both a technology and a spending perspective.

2. Thinking too big

Attempting to migrate all your data at once or starting with your mission-critical application is likely to run into obstacles your team doesn’t have the skills to handle, at least at first. It’s better to begin with smaller datasets and less important applications that allow your team to gain familiarity and expertise in the cloud with relatively low risk.

3. Forgetting about security

Don’t forget that you are responsible for the security of your data in the cloud, and don’t plan to add security after the migration is over. Before you migrate a single byte of data or line of code, you should have an understanding of the security capabilities in your cloud and the risks you face. Configurations should be set up with appropriate security from the beginning.

4. Forgetting about the network

Too much of cloud talk is about hardware and software, but your access to those resources depends on the network. You can experience performance and security issues related to the network that connects your users to your cloud, as well as the network connecting resources internal to the cloud. Understand these issues and take the network into consideration when you architect for security and performance.

5. Mimicking your on-premises environment

Lift-and-shift is certainly a legitimate approach to cloud migration, and can be the most expedient and speediest approach to the cloud. However, lift-and-shift shouldn’t mean that you don’t tailor your cloud environment to the demands of your application. You also still need to be conscious that cloud can require changes to configurations, monitoring, and security, even if the workload’s overall architecture isn’t altered.

Learn more in Choose the Right Approach for Moving Applications to the Cloud.

Another big mistake? Thinking training your team provides the expertise needed to succeed in cloud. While training your team is an absolute necessity, becoming comfortable with cloud and developing a true cloud mindset requires more than a few hours of classroom training. It requires time working with cloud, experiencing and overcoming challenges. Instead of relying on your team’s book learning to guide your adjustment to cloud, it’s often better to bring in a team that’s already experienced in cloud. They can make sure the cloud journey succeeds while your team learns from them and goes solo only when they’ve got the skills needed to keep your business operations in the cloud successful.

Contact CCS Technology Group to learn how our IT consulting and managed cloud services can help you plan and execute a successful cloud migration.

Additional Cloud Resources

4 Solutions for Performance Problems in the Cloud

Calculating the ROI of Moving to the Cloud

9 Ways to Get Cloud Costs Under Control

Five Tips for Working in the In-Between

We’ve reached an in-between status of this quarantine. Businesses are starting to open back up (with restrictions), but a lot of employees are finding themselves in an awkward spot between working in the office and remaining at home. Doctors are utilizing video and tele-conference appointments but are holding office hours to see patients and perform “elective” surgeries. Companies are requesting that their employees work from home, if possible, but they’re relaxing requirements for coming back into the office. Other organizations are welcoming people back from tele-worker status to full in-office expectations.

With “in-between” operations, we’ve helped our clients through a few technology hiccups and wanted to help you avoid them too. Here are the top five things you need to know when working from wherever you’re expected to be.

1. The Power of the Web App

The majority of business applications have some type of web version. You don’t have to have the software installed on your system to be effective. While you may not be able to use every aspect of the software (higher processing functions may be limited to the desktop version), test out online versions. This is particularly effective if you’re trying to use a laptop or device with a much smaller hard drive in a remote working environment. For example, you can get to your current emails without storing your past five years of email history on your system’s limited disc space. When using a web app, install two-factor authentication wherever possible to maximize security.

2. A Note on External Hard Drives

First came the punch card, then tape and the floppy disc; now if you want portable physical data storage, it’s all about external hard drives (USB). They are a fantastic way to easily transport data from one place to another, but there are two precautions:

  • Hackers love to stash USB drives places just hoping that people will pick them up, get excited, plug them in, and then infect their computer and network. Moral of the story, only trust USB drives that you are familiar with.
  • If you are transitioning between a Mac and a Windows system or vice versa, there is a very high likelihood that your external hard drive will not work on both. Hard drives are configured to be read on one type of device, and you usually have to delete the drive to re-configure it to work on another type of system.

3. Maximize the Cloud

We firmly believe in the cloud for document storage, backup purposes, and accessing line of business applications. When it comes to document storage specifically:

  • Selective Sync Will Save You. If you already have large files stored in your Dropbox/Anchor/Google Drive/SharePoint, you don’t want your system trying to sync all of it to your hard drive for space, time, and speed considerations. Select only the folders that you’ll be using on a regular basis. The rest of the data will be accessible in the cloud. The online-only feature is also particularly helpful.
  • Follow basic sharing rules. Pay attention to read-only or editable sharing links. If you want someone to collaborate, make sure you give them the right to edit. When sharing, you can share a file or a folder. If you share a folder, bear in mind the recipient will have access to everything currently in the folder, as well as everything you add to it later. Never delete files that you did not create. It’s entirely possible that you delete the file for everyone while attempting to simply delete it from your system.

Learn more in Why SMBs Should Upgrade to the Cloud.

4. Security

Your safety is our biggest concern whether you’re working in the office, at home or a mixture. In order to remain secure, invest in:

  • Enterprise-level security: Install an enterprise-grade firewall, anti-virus, and monitoring system on every computer.
  • Two-Factor Authentication: Like we mentioned above, enable two-factor authentication wherever possible.
  • Complex Passwords: When you’re utilizing multiple systems, you may feel tempted to simplify your passwords because you’ll be logging in numerous times. Instead, store your credentials in a password vault to protect all of your passwords, and rotate your passwords regularly.

Learn more in Closing Common Cybersecurity Holes.

5. Backup, Backup, and More Backup

We have seen a surge in interrupted power and Internet connections, particularly with people working from home. Nothing is more frustrating than losing all of your work right in the middle of a project.

  • Install a battery backup on any mission critical system (AKA anything you’re using for work). This will kick over and maintain power in case of a surge, and keep you running for hours in the event of a longer outage.
  • Ensure that your laptops remain fully charged. The myth that you can overcharge and shortcut long-term battery life is completely false. Most laptops today have lithium ion batteries and have an internal circuit to stop the charging process when full-charged. Charge away!

Deploy an effective network-wide backup solution so that you can restore data whether you lose a single file due to an employee mistake or lose a significant amount of data in the case of a disaster or breach.

Learn more about our disaster recovery services.

Additional Work From Home Resources

8 Practices for Safe Computing When Employees Work at Home

5 Tips for Successfully Working from Home

7 Necessities Before Sending Your Workforce Remote

How Do We Make This Work? 5 Ways to Adapt in this New Work World

You’ve probably grown tired of hearing the words “adjusting to the new normal.” Unfortunately, though, there’s really no other way to say it. This pandemic has permanently changed our work environment, whether you’re already back in the office or remain in quarantine for several more weeks. We must create a new normal for how we work, manage network security, and maintain productivity across a more widespread team.

For example, a client earlier this week asked with their employees working from home, how are they supposed to ensure HIPAA compliance? What if someone innocently leaves the computer screen open, or takes a note with a patient’s name and walks away from the notebook? Here’s how we recommend redefining work parameters to create the greatest opportunity for compliance and security in all work situations.

1. No personal systems

If you allow your staff to utilize their personal systems to work, store company data, and interact with customers, you’re just asking for a data breach. First, you have no control over that system. You can’t log in to perform updates, ensure it has the latest virus definitions, or wipe it if they left the company or were terminated. Second, they are probably not running the strongest virus protection, intrusion prevention, and monitoring. Supply systems that meet minimum standards. Some companies have sent employees home with their work equipment. As long as it’s properly documented, this is a safer bet than letting someone go rogue (intentionally or unintentionally) on an un-managed personal machine.

2. Clear Expectations

There is a difference between working from home and lounging on the couch in your pajamas getting work done. If you’re expecting people to be effective remote workers, set clear expectations for their work setup and communicate clearly. For example:

  • Do they need an office with a door that closes?
  • Can they utilize their cell phone for business calls or do they need a VoIP/softphone tied into your network?
  • How often do you expect them to check in on a daily basis?
  • If you can’t get a hold of them immediately, how long do they have to respond?
  • Can they attend meetings via phone, or is video required?
  • How do they connect to your secure information? VPN? Firewall?

3. Signed Employee Agreement

Whether you expect remote work to be a temporary situation or believe it’s a permanent shift, put in place a clear remote worker agreement. It should lay out all of the expectations that we listed above. If you’re expecting employees back in the office, reiterate the temporary nature of the arrangement. If it’s a trial, state that. Working from home is one of those things that seems really appealing at the beginning, but depending on the worker, it may or may not be effective. As the employer, you want to maintain the option to bring them back into the office, if necessary.

4. Regular Communication

We recommend touching base via video at least once a day and having one other scheduled touchpoint – video, phone, email recap, something that is scheduled and required for each and every employee, whether they’re on-site or remote. You cannot underestimate the power of water cooler conversation throughout the day, so you need to find some way to replace that in order to keep your employees engaged and effective.

One of the ways we do this is by opening each meeting with a “good thing.” Every team member shares something good (personal/professional) happening in their lives. When you’re in the thick of it, sometimes it’s hard to come up with something good; but it sets a positive tone for the meeting and allows you to get to know a little bit more about your staff. We also encourage shenanigans more than usual. Perhaps set up a chat feed for funny memes, allow people to use filters on their video calls, just something that brings a little levity and lets people connect outside of their daily tasks.

One of our favorite collaboration tools is Microsoft Teams. Microsoft Teams is cloud-based team collaboration software that is part of the Office 365 suite. It brings everything together in a shared workspace where you can chat, video/audio conference, share files, and work with business applications.

5. Effective Administration

Ultimately, adapting to this new normal is all about effective administration. Have the right policies in place, communicate the standards and expectations, follow-up with your employees, partner with an MSP that specializes in creating secure, remote workspaces.

Together, we’ll continue creating this new normal. That’s where we come in. Whatever your IT challenges, we bring 280+ years of experience and expertise. Contact us to learn more.

Additional Work From Home Resources

8 Practices for Safe Computing When Employees Work at Home

5 Tips for Successfully Working from Home

7 Necessities Before Sending Your Workforce Remote