Recent Blog Posts
Every Organization Needs IT Policies

Keeping a business’s data secure requires not only good technology but good policies. User carelessness is the biggest cause of breaches, and technical measures can’t stop people from making dangerous mistakes. A set of policies that employees and contractors understand, together with training in how to apply them, should be a basic part of the strategy of any organization that has important data which it needs to protect.

A well-written policy is clear and specific, but not so loaded with unnecessary detail that it takes a lawyer to decipher it. If it’s too hard to read, people will just skim over it without understanding. The essentials in a policy need to include what it requires, whom it applies to, and a broad overview of how to carry it out, as well as possible penalties for non-compliance.

How strict the policies have to be depends on the kind of organization. Offices that hold personal health information, handle credit cards or do classified work need especially tight policies. Any organization that handles money or personal information needs reasonably strict policies, though. There’s no such thing as an organization that is too small for attackers to pay attention to it; in fact, some criminals specialize in small organizations on the assumption that they have lax security.

We can broadly divide policies into those which apply to all users and those which concern only IT personnel. Let’s look at a few in the first category, as examples.

Email policy. The policy should state to what extent it allows personal communication using company email, if at all. It should explain retention requirements, indicate what kind of language and commentary it prohibits, and spell out what use of third-party email services it allows or doesn’t. It should notify users that their mail may be monitored and they have no expectation of privacy.

Password protection policy. This has to place specific requirements on the formation of strong passwords, prohibit password sharing and reuse, and list specific practices (writing down passwords or hints, giving them over the telephone, etc.) that users have to refrain from. If the company does any password guessing to test compliance, the policy needs to let the users know.

Remote access policy. Instructions on how users may access the organization’s systems from outside go here. Requirements may include coming in only through the VPN, protecting their VPN passwords, not simultaneously connecting to other networks, and having antivirus software.

Other policies are specific to management and IT personnel. Let’s look at a few examples.

Disaster recovery plan policy. This doesn’t specify the contents of the plan but states what kinds of contingency plans the staff has to create. It places requirements for reviewing the plan periodically and conducting tests.

Server security policy. The requirements of this policy should include registering all servers, designating the primary person responsible for each one, specifying requirements for generating and retaining logs, maintaining access control (including physical access), keeping the software up to date, and reporting security incidents.

Equipment disposal policy. This policy has to cover such issues as wiping disk drives before disposal, tracking and identifying equipment that has been cleared for disposal, and recycling. It needs to identify the kinds of equipment which it covers.

The SANS Institute’s website offers a broad range […]
We have been at this for a long time, and we understand the value of following proven systems and processes. According to Wikipedia… “A standard operating procedure, or SOP, is a set of step-by-step instructions compiled by an organization to help workers carry out routine operations. SOPs aim to achieve efficiency, quality output and uniformity of performance while reducing miscommunication and failure to comply with industry regulations.”

At White Mountain, we follow SOPs for everything that we know will be a task or series of tasks that will need to be repeated in a defined and consistent manner. We generally follow industry-standard best practices for general IT management functions, and develop our own as they relate to our unique processes and clients’ systems. When we onboard a new client we follow SOPs for every step of the process, and as we get to know your workflow and internal procedures, we help develop custom SOPs specific to managing and supporting your technology.

Examples of customized client-specific SOPs that we create and maintain:

- Employee on-boarding and separation procedures
- Security Event and Major Incident Response procedures
- Emergency Lock-down procedure
- Notification procedure for key teams, executive, management, all staff
- After hours outage, notification and response
- SOPs for all key failover events (internet, phones, email etc)

Without being disciplined about following SOPs, how can anyone consistently deliver exceptional service for your users? If each person doing the work takes the liberty of doing it “their own way”, I can guarantee that it will result in poor service and frustrated users.

Not adhering to SOPs leads to:

- Inconsistent and unreliable results
- Unnecessary security risks
- Lack of standards, which frustrates users, and makes ongoing support more difficult
- Callbacks and repeated interruptions for your users
- Excessive IT support costs

This is a perfect example of the advantage of working with a Managed IT Service Provider that is experienced enough and large enough to be committed to professional IT management. It’s not easy to do; we often spend more time documenting and following up on an issue than we did actually fixing it. But we make up for it in the long run, with increased efficiency across our entire client base.

In order to be able to maintain this level of excellence, your tech team needs CONSTANT professional guidance, oversight, and management, which is why doing IT support in-house without qualified, dedicated management staff can be such a disaster. Anyone delivering IT services without a full-time dedicated management team will have a hard time maintaining this level of service.

Consistently following and maintaining SOPs is nearly impossible to achieve if you are depending on:

- A single employee, or even two or three internal employees, without dedicated IT management
- An IT service provider without a dedicated management team (dedicated managers don’t do the tech work!)
- An individual part-time employee, or a neighbor, friend, or IT guy down the street

If you think that you could use some help instituting SOPs in your company, give us a call anytime. […]
Getting complex IT Projects done on time, and under budget, requires getting all stakeholders on-board early, and keeping them involved, informed, and in the loop. On our end, that means all technical, management and consulting resources. On the client’s end we typically engage with upper management, department managers, and other key personnel to assist with workflow, deployment, scheduling and testing procedures. Then, of course, we need to include any third-party suppliers, vendors, and contractors that may be involved.
Professional Service Management requires a commitment to mastering execution, constant improvement, and exceptional customer service. When you work under a Managed IT Service flat-rate billing system, as we generally do, profitability is directly tied to our efficiency, expertise, and management practices. When our clients have problems, it costs us BOTH money, so by investing in proactive management systems we maximize productivity for both organizations. For your staff, we strive to minimize inefficiencies, interruptions and downtime; for our team, we avoid “fixing” things that shouldn’t have broken in the first place. By continually investing in best-in-class management tools and systems, we ensure that our team is ready and able to exceed your expectations.
The Cloud Takes the Burden Off of Running Your In-House Network

If you host your own IT infrastructure in-house, you are responsible for ensuring that it functions properly. This includes worrying about issuing the latest security updates and resolving critical problems that could lead to hardware failure or other forms of downtime. An average SMB will find this challenging, as they may not have an internal IT department or the time to devote toward learning how to properly take care of technology solutions.

When you host your business’s data and applications in the cloud, you are essentially taking this responsibility and outsourcing it to a managed service provider. This managed service provider then performs all of the necessary maintenance and management. In return, your business gets the ability to focus on your business goals, as well as the peace of mind that your technology is being maintained by experienced professionals.

The Cloud Offers Flexibility

Today’s mobile-centric business environment is very conducive to the success of the cloud. Hosting your data and applications in the cloud allows your organization to share files and information from any connected devices. ITProPortal explains: “Global expansion has increased the need for international data centers, especially as security and privacy concerns lead to strict regulations that vary from country to country… Cloud computing with an established cloud partner with physical data centers across multiple geographies means your data can ‘live’ in just about any jurisdiction, and mitigates this problem.”

Next, consider the fact that you’ll be providing your team with versatile access to important files, as well as collaboration capabilities in real time. This makes the cloud an important and borderline-necessary way of improving productivity for your organization.

The Cloud is Secure

Before the cloud became a popular option for businesses, there were major concerns about the privacy and security of data handled by cloud service providers. Trusting a third-party provider with your sensitive data may not have seemed appealing for this reason. These days, security has undergone so many upgrades that even public cloud options are viable ways to host your data. Data centers have also undergone impressive shifts in favor of SMB cloud hosting, allowing you to host your organization’s data with their resources without giving up on the flexibility option.

With all three of these features, have you changed your mind about the cloud? For more information about what the cloud can do for your business, reach out to White Mountain IT Services at (603) 889-0800.