Posted by Lee Motta on Tue, Feb 16, 2010 @ 01:05 PM
ATTENTION: Time is running out!
All organizations that employ or have a customer base that reside in the Commonwealth of Massachusetts need to have a detailed Written Information Security Plan (WISP) in place by March 1st, 2010. Feel free to blog any questions or concerns regarding the 201 CMR 17:00 - Standards for the Protection of Personal Information of Residents of the Commonwealth. Cut and paste the link below which was distributed by the “Massachusetts Office of Consumer Affairs & Business Regulations”, and contains important information in achieving WISP compliance.
http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf
Posted by Len Diana on Wed, Feb 10, 2010 @ 10:19 AM
Do You Have Your WISP in Place for March 1st?
On September 19, 2008 the Massachusetts Office of Consumer Affairs and Business Regulation established new identity-theft regulations, 201 CMR 17.00: Standards for The Protection of Personal Information, which requires all Massachusetts businesses to protect all personal information of the citizens of the Commonwealth.
Accompanied by Massachusetts law M.G.L. c 93H, 201 CMR 17.00's requirements include up-to-date antivirus software, firewalls, encryption and a Written Information Security Plan (WISP) along with other documentation. These compliance standards must be met by businesses by March 1, 2010.
We recommend that you read the Office of Consumer Affairs and Business Regulation FAQ, at: http://www.mass.gov/Eoca/docs/idtheft/201CMR17faqs.pdf
2010-02 Compliance with 201 CMR 17:00, Standards for the Protection of Personal Information of Residents of the Commonwealth
http://www.mass.gov/pageID=ocamodulechunk&L=4&L0=Home&L1=Government&L2=Our+Agencies+and+Divisions&L3=Division+of+Insurance&sid=Eoca&b=terminalcontent&f=doi_Bulletins_bulletins_10_02&csid=Eoca
Can Baesis help?
Yes, as part of our WISP services, Baesis will perform the following procedures that are required by the 201 CMR 17 Regulations:
- Develop a customized WISP
- 27 Point Network Audit: Ensuring that their network meets the regulations of security requirements. (Baesis managed service clients should already meet or exceed most of these requirements)
- Risk Assessment
- Create an action plan for remediation to achieve compliance
- Provide on-going assistance in maintaining compliance
- Establish network security, policies and procedures
Posted by Lee Motta on Fri, Oct 02, 2009 @ 03:19 PM
What is Disaster Recovery?
Disaster Recovery means different things to different people. What's really important is what it means to your organization. In this blog, I hope to cover many areas, such as:
- What does Disaster Recovery entail?
- Why is it important to be prepared?
- How do you do it?
- How will I know when I am done?
- What are the best practices to maintain your IT infrastructure?
- Examples of where some have succeeded... and others have failed.
- How to utilize RAID Technology?
- Can RAID Technology and Disaster Recovery work together?
According to Wikipedia, Disaster Recovery is the process, policies and procedures related to preparing an organization for a recovery or continuation of an IT infrastructure that is critical after a natural or human-induced disaster.
With the increasing importance of information technology for the continuation of business critical functions, combined with a transition to an around-the-clock economy, the importance of protecting an organization's data and IT infrastructure in the event of a disruptive situation has become an increasing and more visible business priority in recent years.
It is estimated that most large companies spend between 2% and 4% of their IT budget on disaster recovery planning, with the aim of avoiding larger losses in the event that the business cannot continue to function due to loss of IT infrastructure and data. Of companies that had a major loss of business data, 43% never reopen, 51% close within two years, and only 6% will survive long-term.
Stay tuned to this blog to learn about different product options, methodologies and just some good, common sense ideas.
Posted by Bill Buress on Wed, Sep 30, 2009 @ 07:12 AM
What can Managed Services do for your organization?
Businesses continually find themselves driven to use technology on a daily basis and this technology grows in complexity on a daily basis as well. Technology needs impose risk and often pull companies away from their core responsibilities of providing products and services that bring value to their markets and dollars to their bottom line. Poor planning can adversely impact your business operations. BAESIS, with its 40+ years of experience in technology markets, knows that there are really three key areas for concern. These are:
TIME lost trying to understand and make use of what you have and what you may need to stay competitive
RISK of your systems (and business) shutting down due to inadequate resources to support what you have
MONEY lost from your bottom line due to no business continuity/disaster recovery plan or uncontrolled costs
All three are important and affect your business in different ways. But be assured, they all tie back into money. So let's take a quick look at each.
TIME: Most people relate time to a soft dollar cost. In that sense, it is difficult to capture and more difficult to build an ROI based on time savings. BUT...and this is a big "but", that time adds up and costs real dollars that are deducted from your bottom line. So what do you pay your IT person? You may have one who wears many hats or you may have several who are dedicated to the task. Time is real and costs real money. So let's look at an example.
One IT person costs say $75,000 per year (I believe generally speaking that this is a very conservative number). That breaks down to $340/day, say $34/hr since they likely work a 10 hour day. If they spend 6 hours /day dinking around with IT issues, and mind you these issues could be "How do I do ...?" to standard Break-Fix stuff, that cost for their time is $204 /day of non-revenue generating tasks. If you could save 50% of that time with an outside resource managing this process, that would translate into a $102 /day savings x 220 hours /year = $22,440 per person/year. Now this likely is a line item expense on your P&L statement but the cost is real just the same.
The other side of this time savings is what else could that staff person be doing that is proactive and will either make your company more money, or allow them to seek cost savings in other operational areas of your business. There is a very large hidden savings to be found here.
With a 20 PC network riding on 2 servers, this cost savings is a wash when a Silver level managed services plan is implemented. If you have more than one IT person, the savings really add up.
RISK: This always means different things to different people. Risk is a REAL concern in today's electronic business climate. Often the cost of risk goes unseen until something bad happens. Some of these issues could be:
- Loss of critical company data due to inadequate backup methodologies
- Loss of financial / personal information (I don't think we even want to go there; just check the news headlines on a daily basis)
- Loss of a critical server that runs your business or keeps you connected to the outside. Customer correspondence would be lost, incoming orders, etc.
- Loss of confidential/proprietary information when a laptop walks off-site or a PC becomes corrupted.
- Loss of key personnel because they can't get their jobs done due to inferior IT infrastructure
I could go on and on as the examples far outnumber your patience to read them. Suffice to say, if your IT staff does not have the time to take care of their little incidents, they can become the problems that can lead to disasters!
Outsourced IT services can mitigate this risk, SUBSTANTIALLY, and let you get back to what you do best. That may be producing a valuable commodity, manufacturing a "made to order" product, or simply serving your customers better.
MONEY: All relates back to money. What comes in must exceed what goes out or we have no business left. At least not a profitable one! Since so many companies today are run with someone else's money, it is all about the profit you can show this year, this month, this week, and all too often, this day. Any way you can cut costs and increase operational efficiencies, the better for your company in the short-term...and for your long-term viability. Saving money comes in many guises:
- reduced head-count to do the same job
- reduced operational cost brought on by business efficiencies
- reduced IT staff time (cost) to operate on the Break-Fix mentality
- reduced lost time due to stress related illness (and yes, most IT people carry a pretty high stress load)
BAESIS is one of the new breed of service providers that is bringing Enterprise Level IT Management to the Small-to-Medium Business (SMB) marketplace. We deliver a very strong cost to value ratio and tailor our network service offerings by working with our customers to understand what REALLY needs to be delivered. These services are delivered through one of these three service level offerings: BRONZE, SILVER, or GOLD. The BAESIS Managed Services plans cover some if not all of the following areas:
- Site-visit/Discovery session
- Testing and Evaluation services
- LAN / WAN Web Network Design and Administration
- Hardware, Software, and Peripherals: specification, acquisition, and maintenance
- PC, server, and network Monitoring and Management
- Physical Reconfigurations and Upgrading
- Capacity, Backup, and Disaster Recovery Planning and Implementation
- Network Security, Connectivity, and Data Assurance
- User Training / Support / Help Desk
Wouldn't it be nice to know what your IT Support costs would be in advance? Isn't there security in knowing that your investment in technology was sound and followed a well thought out plan that you helped to develop? These are questions to ask. We welcome the opportunity to work with you and your staff to ensure that your organization always has a high level of system availability, performance, and security that meets your needs, and budget. Please call or email us today for your FREE Managed Services Assessment.
Posted by Bill Buress on Mon, Sep 21, 2009 @ 02:22 PM
Managed Network Services; what are they and what can they mean to your company.
This is often a very confusing topic for many companies in today's business climate. We are all familiar with the "Do more with less" mentality that permeates our business culture. But do more with what and less with what? These are fair questions.
Here are some brief answers.
Do more with:
1. My technology infrastructure and investment
2. My people's time, talent, and role with my company
3. Do more with what makes my company money
Do less with:
1. Managing / Maintaining / Updating my own infrastructure
2. Spend fewer FTE hours fixing what breaks and implementing the constant changes that take place on a daily basis within my network and/or systems
3. Get back to my "core competencies" as these are the things that make my company money. Spend less time on your systems and processes, and more time with your customers.
Since this is the initial posting to this blog, please stay tuned on a weekly basis to learn in greater detail what Managed Network Services entail, what they cover, why to do it now, and how they can be that silver lining in the ever-present IT cloud.