Uncategorized
When IT triumphs, business triumphs. Learn how adopting a world-class IT strategy can help your local SMB succeed.
ThrottleNet proudly operates on a system of principles that delivers world class IT services and support for your local business. “World class IT” might sound like a vague term, but it actually refers to a well-defined framework outlined by author Peter A. High in his 2009 IT management book, “World Class IT: Why Businesses Succeed When IT Triumphs”.
Here are the five main principles of World Class IT and how ThrottleNet delivers these benefits to small and medium-sized businesses right here in St. Louis.
#1 People and IT Expertise –
“People form the foundation of an organization. Without the right people doing the right jobs at the right time, it is difficult to achieve excellent performance.”
With the brainpower we have in place, you can be sure your technology matches your business goals. At ThrottleNet we are committed to recruiting, training and continually educating world class employees in every sense of the word. Just as you are the expert in your business, we are experts in ours. Our specialists in Managed Network, IT Support, Security, and business IT consulting are not only gifted in their respective fields, but they are creative problem solvers with exceptional attention for details others overlook. Seriously, this is an impressive team of IT leaders.
#2 Infrastructure –
“Infrastructure distinguishes between a reactive organization and a proactive one. If software, hardware, networks, and so on are not performing consistently, the IT organization will become lodged in reactive mode. If the infrastructure works reliably, then a greater percentage of the organization can think about the future.”
Better IT does not always mean more technology. It means having the right technology and managing it properly. Instead of installing technology just for technology’s sake, ThrottleNet takes a strategic approach to your IT. Strategic IT solutions don’t have to be complex; they just have to be customized to meet the specific IT needs of your business.
We start with an objective assessment of your infrastructure and make qualified recommendations to meet your business requirement objectives. We evaluate each network, storage, and computing solution’s ability to help your business streamline processes, keep data secure, and be more profitable. Whether you choose to have your technology infrastructure locally maintained or operate through a cloud service, we will walk every step with you along the way to see your business technology implementation succeed.
In short, our business is helping your business.
#3 Project Management & Portfolio Experience –
“Through Project and portfolio management new capabilities can emerge within the company. It is important to ensure that the portfolio collectively supports the goals of the business and that projects are delivered on time and on budget.”
ThrottleNet has been succeeding alongside our clients for going on twenty years. Nearly two decades of experience adds up to much more than fun stories to tell around the campfire. We have learned a lot about project management and what it takes to run a long-term IT strategy that drives success for small and mid-sized companies.
We’ve even developed some areas of deep vertical expertise, including the Financial, Healthcare, Manufacturing, Real Estate, Legal and Not-for-Profit industries. These aren’t the only types of companies we serve (not by a long shot), but through working with many clients in these industries over the years we have gained an in-depth knowledge of their common needs, regulatory environments, end users, business structure and culture, and velocity of change.
Our ability to align technology with your business needs isn’t just a promise; it’s backed by client success stories, awards and our partnerships with the top hardware and business application providers.
#4 Partnerships, Collaboration and Compliance –
“IT and business partnerships are vital. It is the IT executive’s role to ensure that different groups within IT function as a team, communicating efficiently and effectively. It is equally important that IT develop partnering relationships with executive management, lines of business and key business functions to ensure ownership of and success for IT initiatives.”
Speaking of partnerships, we understand that strategic alliances are intended to achieve greater impact than any organization can achieve on its own. Whatever your industry, we have technology partnerships in place to assist in planning, procurement, implementation and the continuous improvement of your IT solutions. Our hardware, software, and security solution partners are vetted extensively to meet our strict set of standards, as is our commitment to compliance for the following regulations:
- Sarbanes-Oxley Act (SOX)
- SEC Requirements
- Governance, Risk Management & Compliance (GRC)
- The Health Portability and Accounting Act (HIPAA)
#5 Your Success Is Our Business –
“External partnerships are important as outsourcing becomes more common. By contributing to the discussion about business strategy, IT is in a strong position to determine which aspects of IT are best handled by external partners. Further, IT must be adept at managing those relationships to be sure the company gains the expected value from its outsourcing activity.”
As a successful company, you use a variety of professional services and trust they will provide reliable, cost effective solutions. Our goal as your external, outsourced IT partner is to provide you with a fully resourced, full-time IT department to keep your network running and protect against data loss, so you can focus on what you do best – running your business. Our services and solutions are architected to have a transformative impact to businesses through our unwavering commitment to always do the right thing for our clients, our people and our communities.
To sum it all up:
ThrottleNet provides world class IT management and security solutions tailored to the unique needs and business objectives of SMBs. Contact us to set up a free consultation and find out how we can help keep your network running smoothly and to protect it from external and internal threats so you can focus on growing your business.
And that can be risky business.
As cybercrime continues to rise and business processes become even more technology and data dependent, you’re probably making a significant investment in protecting your technology infrastructure and company data from unforeseen disasters of the natural or human engineered variety. Unfortunately, no matter how much you’re spending on security measures, it’s possible, even probable, that you’re not as protected or as prepared as you’d like to be for a crisis such as a network failure or data breach. It’s more than the loss of return on your investment; it could be a loss of your data and business continuity.
We’re not saying that you or your IT professionals are making poor decisions about what technology and security features are purchased or installed. That might be true, in which case you definitely need to stop reading right now and give us a call, but quite often the gap between what you’re paying for and what you’re getting is simply because the device or subscription you purchased hasn’t been properly set up for maximum protection.
For instance, you most likely know that a firewall is a necessary component of your security plan. You might not know exactly what it does, but you know what it prevents: cybersecurity risks. And it’s a safe bet that the firewall you now have installed was selected based on the features it included and what it promised to protect against. However, those features add up to nothing but a false sense of security if they aren’t enabled and properly configured.
Then there’s email. You know that everyone in your organization is bombarded every day with email. But some of what your employees are getting in their “in” box needs to be filtered “out” to eliminate the malware and phishing attacks that are an inevitable part of that email bombardment. Did you know that spam filtering can do a lot more than just putting some emails in your Spam folder? There’s a whole range of configuration options included in Advanced Spam Filtering and Advanced Threat Protection to help you avoid falling prey to phishing, malicious clicks, and downloads. That’s great news if you’re actually using them.
Here are a dozen of the most common security solutions and features that we often see being underutilized or improperly configured. Want to know if you’re getting your money’s worth out of your security solutions? ThrottleNet knows, and we can tell you all about it when you call (866) 826-5966 or you can use this handy contact form.)
#1 Content Filtering – This feature uses your firewall to restrict access to any executables, emails, or websites that may be harmful if opened. You can also set filters to prevent access to certain types of content like pornography, gambling, or video sharing. You could even block social media sites, but we don’t know why you’d want to do a thing like that. We post some really good stuff to Facebook and Twitter, and you wouldn’t want people to miss out on that, would you?
#2 Intrusion Detection and Protection – Because cyberattacks can compromise your network in something close to real time, it’s not enough to just have reports or even alerts that tell you when suspicious code patterns or signatures are detected. You need a layer of protection that can block traffic from malicious sites or even interrupt the internet connection to halt transfer of code. Properly configured, the Detection and Protection combination takes a preemptive approach to detecting attacks and stopping them before they infiltrate your network.
#3 Deep Packet Inspection (DPI) –You’ve probably noticed that more URLs now begin with “https.” There are a lot of reasons that https protocols are a good thing, but without Deep Packet Inspection it can let hackers go “undercover” and slip through your firewall. That’s because your firewall’s default settings won’t allow the content on a “secure” site to be decrypted, so it sees “https” and thinks, “Hey, I’m not allowed to look at that, but it says it’s secure, so we’ll just let it through.” Of course, just because it’s a secure site doesn’t mean that the code that site is transmitting is safe. Deep Packet Inspection, or “DPI Over SSL” functionality allows all web content to be inspected to prevent malicious code from getting through. Think of this option as giving your firewall a pair of x-ray glasses that can see even the most hidden threats to things like your essential business data.
#4 Custom Filter Policies – The default policy for suspicious emails is usually just to send it to the “Spam” folder, which doesn’t guarantee it won’t get opened by some curious or naïve soul who just has to know why “Sandburg Sheryl” is emailing them about “Actionable Intelligence.” (That email is sitting in my Spam folder right now, totally not kidding.) A better solution is to take advantage of the Advanced Spam Filtering options to aggressively quarantine or immediately delete the worst suspects. You can also set filter policies to forward suspicious messages to a separate email account for review.
Not only should you set your company-wide filters specifically for the best practices of your company and your industry, you can also set custom policies that apply only to certain users, groups, or domains within your organization.
#5 Language and Location Filtering – These options allow you to set policies for emails written in a particular language or originating from a geo-specific locale. We’re not prejudiced, but we know that a disproportionate percentage of attacks do coordinate from certain countries. So, if you believe these emails carry a higher risk of malicious attachments or malware you can set them to be deleted, quarantined, or forwarded to an administrator email. After all, it’s better to be safe than sorry.
#6 Detonation Chamber Setting – Many spam filtering solutions now include the option to open suspicious email attachments and execute applications or URL requests in “dynamic execution environments.” It’s kind of like opening a possible bomb in the safety of outer space without having to leave your desk to do it. These isolated execution environments allow you to determine whether or not the attachment or application contains malicious code without exposing your network.
#7 Full-Disk Encryption – You probably have your devices password protected, but if the data on those devices is not encrypted a thief can easily bypass the password requirement by booting off of a USB drive or removing the hard drive and connecting it to an unlocked device. Full-disk encryption (FDE) works by automatically converting the data on your hard drive into a format that cannot be read without an authentication key. This won’t add a step for anyone unlocking the device with the proper password, but will protect the hard drive from being deciphered by anyone else. Current Apple and Microsoft operating systems both include full disk encryption as an option, called FileVault and BitLocker respectively, but the function must be enabled and configured for your device to be protected.
#8 Backup Monitoring – Your monitoring service probably has the capability to do more than just reassure you that the backup was performed. You may also have the ability to set real-time alerts for backup failures and use backup details to identify the performance of your backup and protect against bottlenecks and slow backup times. And, because you never know what files you’re going to need next week or next year it is also wise to have reports on the backup status of every folder and file rather than just the files scheduled for backup. That way if files have been omitted, either by design or because of a system error, you can take action to make sure your data is backed up properly.
#9 System Image Backups – Speaking of files and folders, did you realize that most backup configurations only back up your data? So, imagine for one brief, terrifying moment what happens when your server dies or gets hit with something like CryptoLocker and goes toxic on you. Of course, you have your data, but how are you going to use that data without your software? If you did a System Image Backup, you could just restore to an uncompromised machine, and you’re back in business. If you didn’t, it might take a little (or a lot) longer.
#10 Off-Site Redundancy – While we imagine things that can happen, but hope they never do, let’s say you were choosing a parachute or a safety harness. Something your life depends on. You wouldn’t choose a design with what engineers call a “single point of failure,” would you? Because if that single point of failure fails you’re dead.
A backup plan that parks all your data on a local server is designed with a single point of failure. If your only backup lives on your server and your server gets hit, it really won’t matter if you backed up all your files, or if you did a System Image Backup, because you won’t be able to restore that data anyway. And while your life may not depend on it, your business probably does. Moving your back up to an off-site location like the cloud means that nightmare won’t happen to you.
#11 Web Threat Shield – It kind of sounds like something a Star Trek actor would yell right before the whole crew almost bites the big one, doesn’t it? Well, it isn’t designed to save your bacon in deep space, but it does give your System Administrator the ability to better protect you from attacks in “web space.” Basically, it lets them use a global site manager interface to perform an in-depth risk evaluation that audits websites based on their reputation, history, and association with other internet objects and can override or enhance default security function based on that assessment.
#12 Enforced Password Policy – We know all the usual gripes about Password Policies. Who really enjoys having to reset their password or keep track of random strings of letters and characters? But before you give in to the preference for convenience over security, check out GRC’s Interactive Brute Force Password “Search Space” Calculator to see how long your average user passwords would likely hold out against a concentrated hack attack.
Enterprise email providers give the System Administrator the option to establish and enforce a Password Policy. This allows you to require passwords to be reset at certain intervals, dictate how complex (length, special characters, and alphanumeric combinations) passwords must be, and limit how often an old password can be used. You can also set a Password Audit Policy to allow you to track all password changes.
You can take your password security to an even higher level by enabling multifactor authentication and/or biometrics. That extra effort might make the difference between success and failure for a would-be hacker and between security and a major headache for you.
This list doesn’t cover all of the cybersecurity measures we review and monitor, not by a long stretch. But it gives you a good idea of the “usual suspects” that are most likely to be unused, underused, or misused.
Before you give the command to “enable everything we’ve got,” remember that configuration is not as simple as just turning those features to “on.” That’s why our team of IT+Security Professionals start every client onboard process with a full review (we mean a deep inside and out inspection) of existing infrastructure – hardware and software – as well as a hard look at your usage patterns and business objectives.
To integrate properly, the settings need to be customized according to your particular hardware and software solutions as well as your business needs and processes. While most hardware and software comes with installation instructions, those instructions can’t take your full security strategy or business needs into consideration. Even an IT or Security provider may not take the time or have the expertise to audit all of your solutions to make sure they’re working seamlessly. That’s where the + matters in IT+ Security. We know what you’ve got (and what you need) as well as the expertise to know how it all has to work together for business continuity.
Because businesses become more and more dependent on technology, and since the bad guys both keep getting smarter (and yes, we know they aren’t all “guys”), this isn’t a “fix it and forget it” solution. Regular monitoring and review are a must to keep your defense game strong. Which is, you guessed it, where ThrottleNet can make sure your business uptime is all the time.
Contact us or call (866) 826-5966 to learn more.
The Power of the “+” – Making a secure connection between hardware, software, and your invaluable data.
In today’s tech environment IT Management and Security Management have become not only interdependent, but inseparable.
—-
Whether you’re at your desk, in the car, or enjoying a meal at the kitchen table, you’re surrounded by technology. It’s everywhere. There are all the things you can see such as computers and phones and even thermostats. Then there are the apps, programs and web extensions, the technology required to make all these things work but which you can’t necessarily see.
All of those things are intrinsically interwoven and interdependent. And all of those things have security implications, especially in business. Because any device that is connected to the internet, whether it’s a business technology or a toaster oven, can act as a gateway to your data for hackers, malware and viruses.
Of course, in business the thing we are most dependent on is data. We’re talking about the ability to create data, work with data, preserve data, access data, and most of all, the ability to protect and secure that data.
How real is that threat? It’s scary real. In fact, according to Varonis Data Lab, over “58% of companies have over 100,000 folders open to everyone” and the 2018 Cost of a Data Breach study reported that the global average cost to a company experiencing a breach of data is $3.86 million.
That’s why we say “IT+Security equals business continuity.” Because unless your IT management and your Security management have the same hand-in-glove relationship that your physical devices and the programs that run them have with each other and with the internet, you expose your business to unnecessary levels of risk.
You know the perils of poor IT Management. Slow connections, frozen screens, devices that won’t talk to each other, staff downtime, angry clients and customers who are far from being happy with you. If you’re not experiencing any of these pains it’s easy to be lulled into thinking that everything is working as designed. But just because it’s working today doesn’t mean it’s supportable for the future, or that it’s secure. Hardly.
You might not know the perils of poor Security Management until you’re hit with a ransomware demand or a call from an angry customer who has just learned that their Personally Identifiable Information has been leaked. Or you may never know that the reason your competition is always one step ahead of you or is systematically calling on all your top clients is because they’ve had a pipeline into your customer data. (You’ve never thought of your competition as a security threat? Now you know.)
The truth is that nearly everything your IT Manager does impacts Security. Every device, every software license, every new user setup has configuration options that must be managed strategically and precisely. You know we’re always diligent about those details whether you’re hiring us to manage your security or not. But there are some real advantages to having one provider in charge of IT+Security, as well as some real risks to essential business assets such as data if the two are not in sync.
Consistency in configuration and documentation
While there may be situations where the right hand should not know what the left hand is doing, your business technology is not one of them. When it comes to IT+ Security, the more each “hand” knows about what the other one is doing the more secure your business becomes.
As more and more business processes have become technology-dependent, the technology itself in turn has become more complex to meet those demands. Configuration options have become more nuanced, and the ideal configuration for any device or program will depend on a master strategy for optimizing the network performance and security. Each choice or change in configuration must be documented both to prevent future changes being made that negate the benefits of what is implemented today and to allow the fastest response to any IT or Security issue. Having multiple providers trying to collaborate over separate strategies and levels of documentation can create inconsistencies and leave gaps where security threats can easily slip right in.
It’s important that both your IT Manager and your Security Manger understand your individual business structure. Some of the biggest risk factors we’ve seen were created because one or both providers failed to understand the needs of the business or failed to understand the other provider’s strategy and solutions. It’s not uncommon for one vendor to implement their solution without fully comprehending the configurations the other vendor has put in place, or more importantly, the reasoning behind that configuration.
So, a solution that one vendor puts in place might not be wrong in and of itself, but it could violate the security of the entire network because it wasn’t compatible with what was already in place.
However, when your IT+ Security experts play on the same team you know they’re working together to create an optimal tech solution and environment for you. In addition, they’re also working from a single strategy and communicating with each other to make sure that strategy is seamless and protects things such as business data.
Multiple experts, single point of accountability
Certainly you need IT experts. And you need security experts. What you don’t need is to spend your time going back and forth between the two trying to resolve an issue.
We laugh when we say that we give you “one throat to choke,” but it’s not really a joke. You may have had a situation where you called one vendor’s help desk only to be told that it was the other provider’s problem. Then called that provider’s support only to be referred back to the first vendor you called. You might be laughing with us, but you’re laughing because you know it’s true.
When we’re providing IT+Security, not only do you have experts who are on the same page, but we can’t very well point fingers at “the other guy” because the other guy is us. That means faster response and resolution times and less confusion, frustration, and downtime for you.
You’re completely covered without an overlap of costs
Many of the solutions you get with Managed IT are also included in standard Managed Security contracts. Anti-virus and firewalls are just a couple of examples. You may not realize you’re paying both vendors for the same functionality, but it’s likely that you are.
The greatest savings, however, comes in not having to pay the two vendors to work together as one (not that they ever could work as one). If a client brings in a separate vendor to handle Security they will still have to pay their IT Manager to brief their Security vendor and collaborate with them on the solution. The same if they bring in a new IT Manager, their Security vendor will bill them for working with that vendor as well. It’s not only logistically complex, but with you and your team’s busy schedule it can be next to impossible to accomplish.
When you choose one partner to manage your IT+Security you have as much or more experience and expertise at your disposal. There are more eyes on all the balls you have in the air. There’s a comprehensive strategy for all the technology your business depends on. And you get a consolidated bill that covers everything. Our job simplifies your complex world.
Technology is a wider and deeper field than ever before, and business technology is not going to get any less complex, or any less vital, anytime in the near future. We believe you should have one team that you can depend on to deliver the greatest level of business continuity and peace of mind, don’t you? And if you don’t want to do that on your own, we’re here to help. Just give us a call at (866) 826-5966 or, you can use this handy contact form.