IT Outsourcing

May 6, 2020

Pros & Cons to the “Use-It-Or-Lose-It” IT Support Model

Posted by Deborah Frazier in INSI Articles

What is the “Use-It-or-Lose-It” IT Support Model?

The “Use-It-or-Lose-It” IT Support Model provides a fixed fee for a certain number of hours.  Subsequently, the hours are determined at 1/4 of an hour per workstation per month for a stable environment. Alternatively, the model can also be determined at 1/2 of an hour per workstation per month for an environment where the end-users are heavy computer users.  In addition, the client is charged an overage fee if they exceed the number of hours.

Positive Aspects About This Program

The “Use-It-or-Lose-It” IT Support Program is more sophisticated than the Adhoc or blocks of time I previously wrote about.  In fact, I really like this program.  Subsequently, the program is simple, reliable, straightforward, and honest.   Most importantly, these companies typically document the network, monitor the network infrastructure, and have staff on hand to respond to issues in a timely manner.

Negative Aspects About the Program

The only thing negative about this program is that the client bears the risk of cost.  For example, if they go over their numbers, they have to pay a hefty overage fee.  This can get quite expensive in the event of a server crash.  Similarly, if they don’t use all of their hours, they lose them.

Why Companies Choose the “Use-It-or-Lose-It” IT Support Program

SMBs like this program because it is stable and easy to manage.  In my experience, IT support companies who offer this service are typically small.  For this reason, it is ideal for a company with no strong growth plans, has a stable network, and does not have an overly complex environment.

A Better Alternative

A better alternative to “Use-It-Or-Lose-It” IT services, is INSI’s managed services or customized IT™.  INSI has a tiered structure that can offer decreased rates on 80% of the IT support issues without sacrificing quality.  This is because our tiered structure allows us to charge entry-level rates for entry-level tickets, which constitutes 80% of the IT support tickets.  Further, we can manage the entire environment, fill in the gaps for an internal IT team, or we can break out the services to the client’s exact needs.  Finally, we can do all this for a fixed fee.

Do You Want To Learn More About The Difference Between “Use-It-or-Lose-It” and INSI’s Customized IT™?

Go here to see the various types of IT support, their pros and cons, and great questions to ask the provider on each one.

In addition, if you would like to know more about this topic and how it affects you, visit Amazon or Barnes & Noble for a copy of the book IT Outsourcing Secrets – A Small Business Guide to Comparing IT Support Companies.

April 29, 2020

Why “Blocks of Time” IT Services Are So Dangerous!

Posted by Deborah Frazier in INSI Articles

What Are “Blocks of Time” IT Services?

“Blocks of Time” IT Service is an IT support agreement that allows the client to pay for IT support hours upfront at a highly discounted rate.  Subsequently, the more hours the client buys upfront, the cheaper the hourly rate.  In fact, discounts can be quite substantial.

On the surface, it appears to be a viable option for IT support.  However, upon closer examination, it can actually be more dangerous than ad hoc IT support.

Dangers of “Blocks of Time” IT Support

Imagine a situation where you pre-pay a home contractor for 60 hours.  As a result, the contractor agrees to be at your beck-and-call for any home repairs.  However, he makes the same agreement with 20 other homeowners.  A few months later a major storm hits, and you have a leak in your roof.  Therefore, you need help before more damage is done.  Unfortunately, the other nineteen customers also had problems with the storm.  Subsequently, the home contractor does not have enough bandwidth to respond to everyone’s needs in a timely manner.  Such is the danger for clients who buy Blocks of Time IT Support Services.

Interestingly, most industries who ask for payment in advance, do so to cover their out-of-pocket expenses.  However, this is not the case with IT support companies.  They need money when services are rendered to pay their employees.  Likewise, even the on-boarding is paid for by the client at the time of service.

The Risk to the IT Support Provider

Undoubtedly, the biggest challenge for companies who sell “blocks of time” IT support services is the liability of unused hours.  In fact, many of these companies’ hours never expire.  Yet, in the interim, a business must go on as usual.  For example, bills and salaries must be paid.  Therefore, the money could be long gone before the client ever calls in the hours that are owed to them.  For this reason, many of these companies do not stay in business long.

The Client Bares the Cost

The client bears all the burden when they purchase a block of hours.  Unless you want to sue, there is no way to recover your money if the service levels are poor.  Even then, many of these companies file bankruptcy and open their doors under another name.  In one case, I was approached by a company who was owed $32K in unused hours by their IT support provider.  Their provider’s owner got sick and he could not fulfill the agreement.  The client was actually negotiating on his provider’s behalf to buy the company, so they didn’t lose their money.  This wasn’t the first time I came across this situation, nor the last.

In addition, the entire program is reactionary.  This is an issue because these companies cannot staff appropriately for peak times.  In fact, most of the “Block of Time” IT Support companies are small.  For instance, they may have one technically strong engineer and a few entry-level technicians.  As there is not much management oversight since the technically strong engineer is putting out fires and the entry-level engineers are left to their own devices.

Unfortunately, it could take days for a client to get a returned call during peak times of the year. As a consequence to being understaffed, there is very little proactive support.  This leads to viruses, malicious attacks, and festering issues.  In the end, it is a trial by fire environment and the client is the one who pays for it.

Why Companies Choose “Blocks of Time”

Many small- and medium-sized businesses use “Blocks of Time” IT services in an effort to save money and control their cost.  As a matter of fact, you can buy hours for as little as $75.  Obviously, this seems really great on the surface, but it is actually quite dangerous.

Companies that use “Blocks of Time” IT services are at a high risk of viruses, failures, and hacks.  Subsequently, the combination of downtime and excess hours far outweigh the cost of a monthly contract with a reputable company.

A Better Alternative

A better alternative to “Blocks of Time” IT services, is INSI’s managed services or customized IT™.  INSI has a tiered structure that can offer decreased rates on 80% of the IT support issues without sacrificing quality.  This is because our tiered structure allows us to charge entry-level rates for entry-level tickets, which constitutes of 80% of the IT support tickets.  Further, we can manage the entire environment, fill in the gaps for an internal IT team, or we can break out the services to the client’s exact needs.  Finally, we can do all this for a fixed fee.

Do You Want To Learn More About The Difference Between “Blocks of Time” and INSI’s Customized IT™?

Go here to see the various types of IT support, their pros and cons, and great questions to ask the provider.

In addition, if you would like to know more about this topic and how it affects you, visit Amazon or Barnes & Noble for a copy of the book IT Outsourcing Secrets – A Small Business Guide to Comparing IT Support Companies.

 

 

April 28, 2020

6 Security Tips for the Unprecedented Remote Workforce!

Posted by Deborah Frazier in "How To" Articles

Remote Workforce Security Tips

Who would have suspected in February that, as early as March 18th we would all be working from home full-time, cyber-teaching our kids, and on government lock-down?  We are indeed working in unprecedented times.  Like it or not, it has indeed changed the way we see the world, both personally and professionally.

Remote Workforce Impact on Companies

While this time has been especially hard on each one of us as workers, it is equally as hard for companies.  Imagine not only having the responsibility of making enough profit to keep all workers on the payroll but also blindly trusting each worker to protect your company data in a different environment.

Unfortunately, one honest mistake could cost the company a fortune.  Therefore, the remote worker’s ignorance or unwillingness to adhere to cyber-security policies could negatively impact a company’s ability to stay afloat.  Clearly, these are trying times for all of us.  As a result, it is up to each one of us to do our part to keep our companies profitable.

Ways You Can Help Protect Your Company Data

There are several ways you can protect your companies data when working remotely.  This includes a combination of safe practices and good communication with your IT team.  After all, your IT team is always available to help you make the right decisions.  Below is a list of ways you can do your part to help protect the company’s data.

1. Use Your Company’s VPN When Working From Home

Interestingly, when you are at your office you are on a private network.  As a result, you can send and receive data without it going over the public Internet.  Likewise, remote users typically have access to a Virtual Private Network (VPN) that allows you to do the same remotely.  Obviously, this VPN is a major security vulnerability if you do not use a properly configured firewall.

So, how do you know if you are on your company’s VPN.  It’s simple.  You will know if you are using the VPN because you will access it under your Window’s Settings.  However, there may be several reasons your company does not have a VPN.  Examples include Software as a Service Applications, Office 365, and other secure data sharing.  Therefore, you should ask your IT department about VPN access if you do not see it as an option in your Windows Settings.  They will let you know if you need it or not.  If you do, make sure you always log on when performing work tasks.

2. Reach Out to Your IT Team Before Loading Software

Always remember that your computer is company property and it is is not yours to do with as you please.  Clearly, your IT team exists to both protect your company’s data and keep you productive.  Therefore, you should include them on any and all software download decisions.

Often times, free software is offered to exploit the end-user device.  When this happens, hackers access end-users’ computers as an entry point to all company data.  Therefore, if you download an infectious software, you are giving access to hackers.

3. Save All Work on Corporate Drives

If you’re like most people, you have lost an important file at some point in your life. Undoubtedly, even thinking about it will likely make your heart sink as you remember having to recreate it from scratch.  Now imagine losing all the files on your computer.  That’s the risk you take when you do not back up your files to the corporate drive.

Unfortunately, there are many things that can go wrong when an employee takes their computer home.  After all, you just don’t have the same protections.  For most companies, this includes everything from firewall protection to desktop backups, surge protectors, or even theft.  For this reason, it is vitally important that you store all your documents on the company drive and not your local hard drive.

At the corporate level, all your data is being backed up in case of a natural disaster, hackers, hard-drive failure, or theft. In fact, this is done on a nightly basis.  Yet, when you are not connected, everything is being stored on your local drive.  That’s why it is extremely important that all remote workers copy new files on the company drive every night before they quit work for the day.

4. Think Before You Click

It may be hard to believe, but nearly 95% of attacks on business networks are the result of successful phishing emails.  Even worse, the average cost to a mid-size company is $1.6 million.  This could come in the form of a text like smishing. It could be a targeted attack, that appears to come from a trusted source, like spear phishing.  Yet, they can even come from a trusted friend or acquaintance.   The best thing you can do is to get educated on what a phishing email looks like and how to spot them.

Unfortunately, once a hacker is let into the system, they remain undetected for nearly 9 months on average.  Imagine the damage that a hacker can do in 9 months with unlimited access to all corporate data. Yikes!  Therefore, it is vitally important you get educated on what to look for and what to avoid.  Not just as a remote worker, but for all times.

5. Do Not Share Your Devices at Home

Sometimes it may seem harmless to share your work computer with your children or your spouse.  However, when you do this, you are risking the companies data.  Incidentally, no one ever purposely downloaded a virus.  Rather, they unknowingly visit questionable sites, click on phishing emails, and download infected games.  In the end, the company pays the price and you are the one who gets blamed. Therefore, when you work from home, make sure your family uses their own devices, not your companies assets.

6. Lock Devices When Unattended

It may surprise you to know that even in your own home, your work computer might not be safe.  In fact, anyone who has been in technology long enough can tell countless stories of company devices being improperly used at remote user’s homes.  For instance, one person’s roommate sent out a company-wide email claiming that person was having an affair with the Vice President.  On another occasion, a teenage son accessed his father’s computer, who was a doctor, to prescribe narcotics.  However, the cutest remote working story was when a toddler fell on a keyboard and accidentally sent the father’s venting message to the CEO.  Consequently, it was a message the father hadn’t actually intended to send.

Those are just a few examples of things gone wrong when a computer is left unattended.  Therefore, the best practice is to lock your computer when you leave it unattended.  Another great idea is to set automatic time-outs in the Window’s Settings.

When in Doubt Ask Your IT Department!

Your IT team is here to help.  Whenever you have a question, issue, or problem with your teleworker’s technology, it is best to reach out to them right away.  Most importantly, do not wait until things are out of hand before you contact them.  They want to know what is going on so that they can guide you in the right direction.

INSI is Here to Protect You!

This post is part of the INSI Awareness Campaign that is designed to keep our clients protected and informed.  In addition, you can click here to learn more about our security offerings.

Most importantly, if you are an INSI client and are concerned about remote workforce technology, please do not hesitate to contact our helpdesk at 770-387-2424.  Our engineers are more than happy to guide you on safe technology practices.  After all, we are here to serve you!

April 22, 2020

How To Protect Your Company From Spear Phishing!

Posted by Deborah Frazier in "How To" Articles

Spear Phishing and How to Protect Your Company

Spear Phishing is a major issue causing small and medium-sized businesses billions of dollars in fraud.  Find out what it is and how you can protect yourself from it.

Example of Spear Phishing

Pam is the Director of Marketing for an international firm.  Recently she received an email from the CEO.  In the email, the CEO asked her to purchase ten $100 Walmart gift cards.  Further, the email stated that the gift cards were a reward for her team doing a good job on a recent project.  Certainly, Pam was thrilled the CEO called her for such an important task.

Quickly, Pam ran down to Walmart and purchased 10 gift cards.  Shen then followed the instructions and emailed him both the gift card and pin numbers.  Unfortunately, the expense was flagged and Pam found out she was a victim of a Spear Phishing attack.

What is Spear Phishing?

Spear phishing is when someone uses a false identity to target an individual.  Subsequently, the sender always appears to be a well known and trusted source. For example, it could appear to come from the target’s executive, boss, or trusted business partner.  As expected, it always involves money or clicking a link.  The most common include:

  1. Brand Impersonation – When a hacker impersonates a well-known company.  One popular example of this is an email from a financial institute that claims there is an issue with your account.  These emails look very legitimate.  The most common are emails from Microsoft or Apple stating there is an issue with your account.
  2. Business Email Compromise AKA CEO Fraud – This is when someone impersonates a C-level executive and requests the sender to wire money, transfer funds, or buy something like gift cards.
  3. Blackmail Scams – When someone claims to have compromising information on you and threaten to expose you if you do not pay them.

How Do These Scams Work?

Scammers are smart.  For instance, with Brand Impersonation or Business Email Compromise: they research the business, their employees, types of transactions, and those in authority.  Next, they establish an email address that is similar to one of the authority figures.  Finally, they email an employee with access to funds or company credit cards and request something that would not be suspicious or questioned by that employee.  On the other hand, Blackmail Scams cast out a wide net in hopes to catch more prey.

7 Technologies That Can Protect Your Company

Clearly, hackers understand the general user’s weaknesses and how to exploit them.  Therefore, the first step to eliminating this threat is to implement some basic technology tools.  After all, if the end-user never receives the email, there is no way they can click on a bad link or respond to it.

  1. Artificial Intelligence Tools – Machine learning tools can analyze abnormalities and filter those emails.
  2. Spam Filtering – Spam filtering will help detect any malware embedded in the email, filter suspicious emails, and identify the origin country of the email.
  3. Antivirus – Antivirus will help detect and filter any viruses.
  4. DMark Authenticating – This technology authenticates the phishing email and puts it into the spam folder or rejects it.
  5. Email Encryption – Email encryption allows you to send and receive sensitive information over the Internet.
  6. Multi-Factor Authentication – This technology requires two pieces of identification to access company data.
  7. Desktop Monitoring – Desktop monitoring will keep your patches and updates current to keep hackers from accessing your email accounts.

5 Employee Training Tips on Spear Phishing

No matter what you do, some emails will still get through.  Therefore, your greatest defense is to train your end-users.  Make sure your employees follow the directions below before acting on anything that requests some form of sensitive information:

  1. The most important advice you can give to an employee is to study the sender’s email address.  Often times, it is a single letter added or missing to the person’s name or domain.  Do not click or act on anything until verified.
  2. Make sure the employee verifies the domain name of the sender.  Do not click or act on anything until verified.
  3. Make sure all employees know that any request to spend money will come from company email addresses, not a personal email address.  Do not click or act on anything until verified.
  4. Train employees to report any questionable phishing emails, texts, or voice mails to your IT department.
  5. Tell the employees, “When in doubt: ask.”  Make sure they are not apprehensive about verifying an email from anyone in your company.  Including the CEO.

INSI is Here to Protect You!

This post is part of the INSI Awareness Campaign that is designed to keep our clients protected and informed.  In addition, you can click here to learn more about our security offerings.

Most importantly, if you are concerned about a spear-phishing email, please do not hesitate to contact our helpdesk at 770-387-2424 before opening it.  Our engineers are more than happy to check it out and make sure it is safe.  After all, we are here to serve you!

April 15, 2020

The IT Maturity Level of the MSP Determines Your Service Quality!

Posted by Deborah Frazier in INSI Articles

Bringing it All Together – People, Processes, and Technology

In my last seven posts, I went into great detail about the areas where IT support companies often fail.  To summarize, they include a variety of issues surrounding people, processes, and technology.

Therefore, if a failure occurs in any one of these areas, your IT support services will be negatively impacted.  That is why you need to know their capabilities BEFORE you choose an IT support company.  Without a doubt, it all starts with their IT maturity level.

Definition of IT Maturity Level

What is an IT Maturity Level?  Simply put, it is the ability of an IT organization to deliver exceptional service and continuously improve its performance.  Subsequently, there are several IT Maturity Models on the market.  However, I think the one that best suits MSPs is the Gartner Self-Assessment Tool.  Moreover, this model measures the IT maturity level in regard to infrastructure and operations.  How?  First of all, it ties together the three pillars of success: people, processes, and technology.  Second, it transfers them into a mechanism for continuous improvement.

Unquestionably, you will receive better service with a company that is focused on continuous improvement.  Therefore, why pay the same amount for a company that is just winging it?

How is the IT Maturity Level Measured?

Is the IT maturity level measured in years, processes, experience, or a combination?  I have been in this industry for nearly 20 years.  During that time I have seen many MSPs come and go in a variety of ways.  For example, I have seen MSPs who went international, sold, stayed stagnant, closed their doors, and even a few who grew and shrank over and over again.  Undoubtedly, it was clear to me, and others in the industry, why some were successful and others weren’t.  Hence, it all had to do with where they were on the IT maturity scale.

Let’s take a look at the Gartner Self-assessment Tool:

  • Level 1 Awareness – At this stage, the company is reactive and fighting fires all day long.  They have no defined processes or technology tools to help them provide consistent service.
  • Level 2 Committed – The MSP starts to invest in industry best practices and initiate formal processes.  They start to invest in a robust ticketing system, network monitoring tools, and asset tracking.
  • Level 3 Proactive – It is not enough to have the technology tools, the MSP must also program them for continuous improvement.  For example, use the ticketing system to measure key performance indicators and implement processes to overcome areas of weakness such as preventive maintenance.  In addition, there is a focus on hiring the right engineering talent that can follow processes, communicate well, and has great problem-solving abilities.
  • Level 4 Service-Aligned – At this level, the MSP is a trusted business advisor.  As such, they have all their people, technology, and processes in place.  As a result, they are have improved customer support, talent utilization, and decision-making capabilities.
  • Level 5 Business Partner – Finally, the MSP is at a stage where they are forward-thinking and they are discovering new ways to help their clients meet their goals through technology.

As you can see, the more mature the organization is, the better the service you will receive.  Therefore, it is imperative to understand what stage the provider is at in the IT maturity model.

Why Do So Many IT Support Companies Fail

Unfortunately, it is not enough to have bright engineers.  After all, starting an IT support company is expensive, and it takes years before they make a profit. The engineers know the right concepts, but without the tools, they can’t measure up. So, when an engineer starts their own business, they try to get by on a shoestring budget believing they are so smart that their clients will put up with it. They find the cheapest tools to manage, monitor and support their clients. However, in the end, the client gets cheap results. So, if you are wondering why your service levels are not consistent, this is likely one of the root causes!

INSI Has Invested in a Strong IT Maturity Model

INSI has invested in technology tools, processes, and people to deliver a higher quality of service.  In fact, our main measurement of quality is client satisfaction.  In addition, we used a tiered approach to deliver customized programs while decreasing 80% of the IT support costs.  To find out more, click here or call us at 770-387-2424.

Click here to see a webinar on What a Mature IT Organization Looks Like and watch at your own convenience.

Do You Want To Learn More About IT Processes?

This information is part of what is covered in my book, IT Outsourcing Secrets.  If you would like to know more about this topic and how it affects you, visit Amazon or Barnes & Noble for a copy of the book IT Outsourcing Secrets – A Small Business Guide to Comparing IT Support Companies.

 

1 2 3 4 5 6

© INSI IT. All Rights Reserved