This year marks the 400th anniversary of the Pilgrims’ voyage to the new world. The hardships they endured included half of them dying during the first winter. In modern times, 2020 has been an unprecedented, difficult year. Even so, we have much to be thankful for and are especially grateful for our wonderful clients and every member of our dedicated team. We love our work family.
Wishing you all a lovely Thanksgiving!
Image Credit: Howland Overboard (cropped) by Mike Haywood
This February marks Anderson Technologies’ 25th anniversary providing exceptional IT services for clients in the St. Louis area and beyond. The milestone provides an opportunity to reflect on the company’s journey since its inception and provides a thoughtful lens on how the organization plans to forge a path for the future.
Founding Principals Mark and Amy Anderson met in college as Computer Science majors and started their professional careers in the late ‘80s as software engineers for McDonnell Douglas’ Avionics Laboratories. After several years, their entrepreneurial spirit kicked in and the company was incorporated in February 1995 as an IT consulting firm. “I’ve always enjoyed helping people and being entrepreneurial,” Mark recalls. Like many successful business owners, he has fostered that entrepreneurial spirit from an early age. Growing up in a military family as a seventh grader pushing a lawnmower around the yards of trusting homeowners, he’ll never forget the advice his father brought home from his commanding officer while stationed in Germany: “If in life you always strive to do your very best, work will seek you out.” This became a foundational idea in Mark’s outlook. By demanding honesty, integrity, and excellence in himself, everything else took care of itself. Amy’s strength has always been to implement Mark’s big ideas in a practical and risk-averse way, which fueled the birth of Anderson Technologies.
If in life you always strive to do your very best, work will seek you out.”
Initially the Andersons provided technology consulting to Fortune 500 corporations until the market shifted offshore in the early 2000s. This fueled the company’s move from software engineering to system administration and IT consulting. After the start of the new millennium, Anderson Technologies experienced what Mark and Amy describe as a “quiet decade” while their two children were still young. They gravitated towards custom projects that would serve as the foundation for a new division of the company, Anderson Archival. “We were approached by a client who asked us to do technical project management and archival work for them,” Amy says. “While that was going on, we were also performing system and network administration for a handful of companies and helping with their technology.”
Not only has Anderson Technologies evolved over the course of twenty-five years, but so has the IT industry. “At first there was no such thing as managed services on an ongoing basis, where clients would pay a monthly fee for proactive IT support,” Mark says. Once the IT industry’s standard break/fix model was transformed by the need for vigilant, comprehensive managed services, Anderson Technologies fully embraced and invested in this new way of providing outstanding services to its clients.
“Let’s pivot,” Mark remembers thinking, “to focusing on small and mid-sized businesses who will appreciate a relationship with an IT vendor they can look in the eye and wholeheartedly trust.” Developing this strong client-vendor relationship was the foundation upon which Anderson Technologies built itself.
In order to share this new, proactive managed services approach, the company started by asking small business owners what technical challenges they were trying to overcome—and if it didn’t have a solution for them, the team would find another vendor who could help. “We are known for being an organization who cares and who treats people fairly,” Amy says.
In 2020, Anderson Technologies is focused on growing into a new office space, which is about three times the size of the previous location. “It’s a huge milestone for us,” Amy says. “You can feel the momentum.”
Indeed, the firm blossomed over the last few years alone, nearly doubling in size and welcoming Farica Chang as a partner. For over a decade Farica has been integral to Anderson Technologies. “Farica is extremely talented,” Amy says. “When we make a promise to a client, she along with our wonderful employees, consistently find a way to deliver an exceptional result. Farica is key to the company’s current and future success, and we are so grateful she is now a partner.” Mark agrees. “Farica exemplifies the company’s values so well,” he says. “She’s fearless—there’s nothing she can’t do. Her character, work ethic, and talents have blessed all of us. We wouldn’t be the same company without her.”
Working for Mark and Amy after graduation from UCLA and her professional experience at Fortune 500 companies, Farica notes that the opportunities available as part of a smaller team are immeasurable. “Mark and Amy shared responsibilities with me that I could never have imagined had I been a small cog in the gears of a giant corporation,” she says. “Together we conquered thorny technical challenges and complex project management. They fostered an environment of mutual trust and support—nurtured my development as a leader—and showed me how to care for a client’s needs as we care for our own.”
Together we conquered thorny technical challenges and complex project management.”
Anderson Technologies wouldn’t be where it is today without its people. Each member of the team is a valued piece of the puzzle—offering key unique strengths and devotion to a job well done. “Honestly, I love my work because I love our team,” says Farica. “Even on the busiest days, I know I can turn to anyone for help. Many of my colleagues have been with us for five years or more. I’m so proud of their growth and can-do spirit.”
Mark, Amy, and Farica appreciate this moment to pause and reflect on how vibrant their IT company has become. The last twenty-five years have been busy ones, and they don’t foresee slowing down any time soon. “Our hearts are filled with gratitude,” Mark says. “Gratitude for our wonderful employees, clients, and business partners who have enabled us to realize a dream and together build something truly special.”
Here’s to 25 more years of Anderson Technologies!
For more information about the Anderson firms or to find out how Anderson Technologies or Anderson Archival can provide solutions for your organization, contact us today!
Earlier this week we enjoyed a snowy Christmas gathering at our office complete with a fun gift exchange. This year we added another table for our luncheon, and it gave us an opportunity to look back on the progress we’ve experienced. Many of your organizations are growing, and we love working together to help you streamline your systems.
We are pleased to officially announce that at the end of January, we’ll be moving to a new larger state-of-the-art office (just down the street), enabling us to provide even better assistance. It’s currently under construction, and during Thanksgiving week, Farica gave our daughter, Hadley, a tour. Seeing the walls come up on this strong new foundation to support our team and our clients, we recognize all this is possible through the trust each of you have placed in us.
Wishing you all a season of joy and love!
Last Saturday, Amy and nine members of the Anderson family gave a presentation to the Missouri Mayflower Society. Mark directed AV while Amy created content and coordinated with family members. In preparation, they reviewed quite a bit of history and continue to be inspired by the lives of these resilient and tough people we know as the Pilgrims
The Pilgrims had a bold plan with small odds of success based on Jamestown losing 70 of 108 settlers during their first winter in 1607 and 440 of 500 settlers the next. All other attempted European settlements of North America had failed. Their conviction God called them to pursue freedom to worship was exceptionally strong.
When they reached Cape Cod on a cold November day, they determined that in order to survive the frigid and desolate American wilderness, they must work together. The Pilgrims drafted and signed the Mayflower Compact, a document that ranks with the Declaration of Independence and the Constitution in importance to our country’s history. This compact specified a civil government with elected officials and was key to their survival. Considering their lack of food and adequate shelter during that first brutal New England winter, it’s no surprise half of them would be buried before spring. Without the peace treaty with Massasoit and the help of the Native Indians—who taught them how to successfully plant crops in this new land—it’s unlikely they would have survived at all.
As we reflect on this history, we are filled with gratitude for the freedoms and opportunities we have today. It is a pleasure and privilege to help each of you in your organization. The American spirit of working together lives on.
5 Benefits of an Annual Network Tune-up!
The importance of performing a network security audit can’t be overstated, but don’t be fooled into thinking network security is a one-time event. Just like you need to bring your car to a mechanic for a tune up, a yearly network security audit keeps your infrastructure running smoothly and allows your managed services provider (MSP) a chance to look at what’s going on beneath the hood. Better to keep everything running smoothly so problems can’t lurk unseen.
What is a Network Security Audit?
An initial network security audit provides a baseline for the status of your IT infrastructure, what is doing well, where the holes are, and allows you to get in front of any issues that could compromise your systems. Forgetting to fix a known vulnerability could cost you time and money if cyber criminals find and exploit it.
What exactly does a network security audit do? When performed by a professional IT firm, physical processes combine with state-of-the-art software solutions to assess the quality and security of your network. This means reviewing not only your IT systems for digital vulnerabilities but also walking through your physical work space to make sure hardware isn’t set up in a way that would decrease efficiency or be hazardous (such as plugging a space heater into the same surge protector as a computer).
A thorough network security audit should include a review of your business’s
- anti-virus and anti-malware software,
- web and electronic communication filtering,
- Active Directory environment,
- password policies,
- backups and disaster recovery policies,
- and include an in-person assessment.
Five Benefits of an Annual Network Security Audit
As important as the initial security audit is, performing regular audits each year provides you with additional insights that can keep you moving forward in a secure and productive manner. Below are the top five benefits of performing an annual security audit.
- Assess how well you’ve addressed last year’s problems.
A network security audit is useless unless the issues it reveals are addressed. By performing an annual audit, you can compare where you were the year before with where you are now to see what systems improved and what still requires attention.
Have all your planned policies and IT practices been implemented? Did the fixes you put in place successfully mitigate the previous year’s problems? An annual security audit serves as benchmark to the condition and maintenance of your business’s IT environment.
- Review your security vulnerability analysis with your MSP or IT department.
As part of a thorough audit, your MSP or IT department should use specialized software to probe all the nooks and crannies of your network to search for vulnerabilities. But simply performing the audit isn’t enough. An annual review of your network security audit with your MSP or IT staff allows you to go over the security vulnerability scans each year and look at any reoccurring failures. By discussing the results together, you can work to find the underlying reason for any trends you find. Sometimes the problem revealed is actually a symptom of a much larger issue.
- Prioritize your technology needs for the next year.
IT security and maintenance can be expensive, especially when technology changes happen outside of your control, such as Windows 7 reaching end-of-life on January 14, 2020. An annual network security audit is a chance for your MSP or IT staff to discuss what needs to be done in the coming year, and more importantly when it needs to be done, so you can prepare accordingly.
- Address the nitty gritty details of IT management.
As part of an annual audit, your MSP or IT staff should review the state of your hardware, Active Directory for any overlooked users who have left the company, and the configurations of permissions to your systems. These are basic issues that sometimes get lost amidst the pressing everyday IT issues that arise. Having a dedicated time to check foundational elements keeps your IT infrastructure productive and secure.
- Provide feedback to your MSP or IT department and keep the dialogue open.
IT security may feel like it lives solely in the realm of IT professionals, but it requires two-way communication to remain effective. An annual network security audit is an effective mechanism to open a dialogue with your MSP or IT staff and address any concerns you have. The annual audit is a great place to discuss what’s working and what’s not that so all your IT needs are met in the way your business requires.
Don’t wait too long to tune up your IT systems with an annual network security audit. You can’t fix a problem you don’t know exists, and cyber attacks get more sophisticated each day. A look under the hood every now and then offers more than solutions to your problems—it offers peace of mind.
For managed services clients of Anderson Technologies, a network security audit is performed annually. If you want help with a network security audit, contact us today for a free consultation.
We’ve come to the end of our HIPAA series, and if you’ve been following along, you might feel overwhelmed by the prospect of becoming HIPAA compliant. There’s a lot to do if you’re just starting out. Keep in mind that by creating a culture of compliance, it becomes easier to verify that you’re following the Security and Privacy Rules in the future. Instead of creating policies, you’ll be updating them. Instead of choosing technical safeguards, you’ll be evaluating what’s already in place. Once you are HIPAA compliant, it’s easy to stay HIPAA compliant.
Tips for Beginners
For those of you tackling HIPAA for the first time or those whose current HIPAA compliance program isn’t doing enough, here are a few tips to help you start the process.
Know what you have—The start of any HIPAA compliance program is determining what PHI and ePHI you have, what programs or processes access that information, and what policies or safeguards are already in place to protect it. Without knowing that, you can’t know what needs to be fixed.
Perform the SRA first—It’s the first security standard for a reason. A complete and thorough Security Risk Analysis is critical to compliance, and you’ll find that during the SRA process you’ll address many of the other standards in the Security Rule. If you don’t feel you can perform this on your own, it may be beneficial to call in an outside consulting company to help you.
Document everything—Get used to this right away. You must not only become compliant, but you need to prove that you are compliant, and that is done through documentation. Be careful you don’t fall into the trap of “paper compliance,” where you have the documentation but fail to follow through in everyday practice. A policy is useless if it’s not implemented.
Accept that it’s a process—Compliance doesn’t happen overnight. From the SRA to the documentation to the evaluations, compliance takes time. It is a continuous process of monitoring and updating to ensure the privacy and security of PHI.
Get everyone on the same page—Training on HIPAA needs to happen from top to bottom. This helps create a culture of compliance that will make ongoing compliance efforts easier. If those in leadership positions understand why it’s important to be HIPAA compliant, appropriate policies and procedures can be created and the budget adjusted according to needs. When employees know the rules to ensure the confidentiality, integrity, and availability of PHI, there is less chance that an avoidable breach will happen.
There is no one prescriptive way to go about HIPAA compliance. HIPAA is designed to be vague enough that any size or type of business can adopt the same requirements. This allows each business the freedom to implement in the way that best fits them, but it also requires that you take responsibility for the decisions you make. With that said, following a logical HIPAA compliance plan will help determine the most reasonable and appropriate measures for your business in a straightforward way. Compliance is always easier with a plan.
Knowing where to go for information can assist any Compliance Officer in their efforts to become HIPAA compliant. Below is a collection of the resources found throughout this series.
- The HITECH Act https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html
- The OMNIBUS Rule https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/combined-regulation-text/omnibus-hipaa-rulemaking/index.html
- HHS Breach Database https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
Introduction to the Security Rule
- HHS Security Series https://www.hhs.gov/hipaa/for-professionals/security/guidance/index.html
- NIST Introductory Guide to HIPAA https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-66r1.pdf
Security Risk Analysis
- ONC Myths of the SRA https://www.healthit.gov/topic/privacy-security-and-hipaa/top-10-myths-security-risk-analysis
- SRA Tool https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool
- SRA Videos https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-videos
- Privacy and Security Training Games https://www.healthit.gov/topic/privacy-security-and-hipaa/privacy-security-training-games
- HHS Security Series – SRA https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/riskassessment.pdf?language=es
- ONC Guide to Privacy and Security of ePHI https://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf
- HHS Guide on SRA https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/rafinalguidancepdf.pdf
- NIST Managing Information Security Risk https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-39.pdf
- NIST Guide to Conducting Risk Assessments https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf
- HHS Emergency Preparedness https://www.hhs.gov/hipaa/for-professionals/special-topics/emergency-preparedness/index.html
- Homeland Security Cybersecurity Insurance https://www.dhs.gov/cisa/cybersecurity-insurance
- Cost of Data Breach Study https://securityintelligence.com/series/ponemon-institute-cost-of-a-data-breach-2018/
- HHS Encryption Guidance https://www.hhs.gov/hipaa/for-professionals/breach-notification/guidance/index.html
- HHS Breach Notification https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html
- HHS Ransomware and HIPAA https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf
- DOJ Protect from Ransomware https://www.justice.gov/criminal-ccips/file/872771/download
What makes your business special? This is probably one of the first questions anyone will ask about your company—your IT vendor included! Nobody knows your business better than you, and learning what goals and values drive your company is an important step in the Anderson Technologies discovery process.
When a potential client reaches out to us, we offer a free network security audit that compiles the best parts of our IT consultation skills to analyze what’s unique about your company and its technology. A network security audit usually entails a system administrator coming on-site to evaluate the hardware and software your company uses, and then our team takes a closer look at the infrastructure and how it could be affecting day-to-day functions and protection from cyber threats. These audits give our IT experts a chance to familiarize themselves with your specific network and highlight any vulnerabilities in your cyber security coverage or computer system efficiency.
In order to fully understand the impact of network security audits on our clients, we spoke with A. A., Chief of Staff of a wealth management firm located in West St. Louis County that has been an Anderson Technologies client since August 2018.
Anderson Technologies (AT): What can you tell us about your technology goals before you learned about Anderson Technologies?
AA: I joined [the firm] in November 2017, and one of the first things that really became a passion project for me was how our IT was structured. I wasn’t impressed with the provider we had, with how they were addressing our concerns, issues, or responsivity. I would reach out, maybe hear back in a week if it was something that wasn’t business-critical. If it was business-critical, it would take every bit of 48 hours, and I would just get passed around. I’d be like, “Listen, we can’t access this,” and a couple days later even though I sent multiple emails, “Hey, A., got your email, we’re looking into this.” Well that’s not really a solution.
Read more about Anderson Technologies’ enlightened solutions for the financial services industry here!
AT: Your husband and Vice President of the firm, N. A., met Amy Anderson at a networking event for local business owners. He knew about your interest in IT, so what made him recommend us to you?
AA: N. A. said, “They approach IT management the same way we approach wealth management: very methodical and particular, everything is structured.” For us, that’s exactly how we want to work with our clients: What are your issues, let us take time to get to know you personally, let me see if I can identify this, this is what I heard, here’s what I think we need to do, here would be the next steps we recommend and then it’s in the clients’ hands to decide.
AT: Did your initial impression of Anderson Technologies live up to the expectation N. A. set?
AA: I basically got an hour, hour and a half with Mark and Amy [Anderson] at no charge where all they did was sit down and listen. They heard everything that we had been through as far as what we were currently trying to accomplish as a business, whether that involved our IT needs or not, over the next two-to-five years.
Wow, these people actually heard me. They know what I’m going through, and I think they actually were connecting the dots.”
I felt like these people have my privacy and my security as a top priority, which is really important to me especially in the industry we’re in. I feel like they’re really taking the time to educate me on things that I should be concerned about and things that they’re going to be looking for.
AT: What was the network security audit process like?
AA: Honestly, it was painless. Anderson Technologies came in and said, “Here’s what would need to happen,” and they went step by step—Here’s what this audit would look like: we’re going to come into your offices at a predetermined time, it’ll be completely private, we’re going to go into wherever your network closet is, and here’s what we’re going to be looking for.
AT: What issues did the network security immediately bring to your attention?
AA: One of the first things that jumped out was our server itself. Mark told me, “Your server is on its last leg, but this dovetails nicely into one of the things you had mentioned you wanted to do, which was transferring everything to the cloud.”
I went from someone who was telling me, “Eh, its good enough, when it breaks we’ll deal with it,” to someone saying, “Let’s be proactive, and let’s tie in what you already told me your goals are and how we can actually make this solution for this issue as well as for your long-term plan.”
AT: Did the network security audit reveal anything that would have been missed without it?
AA: As a wealth manager, any application you would fill out as a client and sign, or any document we may need to have a copy of, like your mortgage or your tax returns from 2016, we want to have a copy of it. We were actually paying for a service that was a branch of our CRM [customer relationship management]. It was fine, but it was cumbersome. It was not cost-prohibitive, but it didn’t make sense to spend $100 a month for this upgraded secure opportunity to store all of our files when, ultimately, we know we want to go to the cloud eventually, which again was part of our initial discussion.
Anderson Technologies said, “Based on what you’re telling us and on our experiences with HIPAA requirements, after we implement a new backup process you can put everything out on OneDrive and it will be just as secure.” Now having said that, “Check with your broker dealer” was Mark, Amy, and Farica [Chang, Director at Anderson Technologies]’s advice, “and make sure they don’t have additional requirements.” So they really covered all their bases saying, “Here’s our expertise, here’s who we recommend you double check with on your side, but here’s what we think the answer will be.”
Ultimately we went from spending $100 a month on an application system that was cumbersome, difficult to use, not intuitive, to something that integrated with our day-to-day applications in Office 365. [We went from a process of] … either adding files, which took 30 seconds, to retrieving files, which took take a minute per file based on the old system. Now we’re able to say, “Great, we’re going to access this just like anything else,” and it’s right at our fingertips in seconds.
While it may seem nominal reducing 30 seconds or a minute down to a couple of seconds, it makes a big difference when that is your day-to-day, in-and-out job.
Creating those efficiencies is invaluable to an office like ours. I would sit here and try to open something and go through a series of clicks, or because the system was slow I found myself getting distracted and checking emails when it was something that should have been my singular focus. Now I can do that.
AT: How did the audit lead to a partnership between your firm and Anderson Technologies?
AA: It was the attention to detail. After the audit, we decided we wanted to work with Anderson Technologies. We like your process, we like that we feel like a priority, which was a huge gap in our previous provider’s services. Being able to sit back and [have Anderson Technologies] say, “Here’s everything we recommend for you guys. These are the routers you need, these are the wireless access points,” and just going through and itemizing each thing and saying, “Here’s what you will see as a result of making these changes, and here’s why this is good for security, this is why this is good for speed,” was just a huge relief.
The day they came in and installed everything, it just felt like, “Great, this is one less thing I have to worry about, one less thing that I can sit there and double check and question.” I feel like these are people that have actually taken the time to say, “This is the right solution for you, and we’re on top of it and we know when it is no longer the right solution for you.”
Interested in reading more about how Anderson Technologies provide support through system administration? Click here!
AT: What do you see in the future for your partnership with Anderson Technologies?
AA: One of the things we love about you guys is you’re very similar to how we operate. We sit down with clients and everyone’s happy until there’s a problem. No one knows that they have an issue with their IT provider until suddenly they can’t get online, suddenly their phones don’t work, whatever it might be. Same thing with wealth management. Everything’s fine until the market crashes and everyone wants to call you. We get it. But you guys are also really good and you have a similar process in that you lay out line item by line item, “This is what you can expect, and if this is what you need here’s what we can deliver.” You have this level of understanding.
It’s the peace of mind that I get knowing that Anderson Technologies is watching out for not just the hardware and software, but when I walk in in the morning and that if there’s something wrong, [Senior System Administrator] Eric Dischert has already called me, explained what it is, and explained how he’s fixing it. There’s a level of proactivity there that cannot be undervalued. I’ll open a ticket and … I get a response almost immediately saying, “Here’s the deal, we know what’s going on, we have a solution” or ”We need more time to find a solution because of this,” and then I at least know that my emails are going somewhere.
AT: Thanks for taking the time to speak with us, A. Do you have any final thoughts before you go?
AA: If there’s something that you didn’t get for your article let me know, because God knows I’m pretty sure Anderson Technologies has checked that box for me.
Is the mess of cords and cables in your server room weighing heavy on your mind? Whether or not you rely on a managed services provider (MSP) to keep your IT systems organized and in check, you have a responsibility as a business owner to understand the hardware that keeps everything running.
Misinformation about firewalls is one of the most common issues we see at Anderson Technologies. When asked “Do you have a firewall?” most business owners will emphatically respond “Yes!” without realizing that they’re unfamiliar with the hardware that they think is safeguarding their company. That dusty router in the corner of the phone closet or server room probably isn’t doing much more than its job, which is definitely not to protect your network.
We’ve previously written about the differences between hardware and software firewalls, and Anderson Technologies always recommends an enterprise-grade hardware firewall for businesses under our care. But don’t let that be the extent of your knowledge!
Below we’ve compiled a quick guide to understanding the nuances of your firewall and related equipment. By using the tips below, you’ll have an extra level of familiarity when discussing your hardware options with your MSP or teaching your employees proper cyber security protocol, as when striving for HIPAA compliance.
Read more about System Administration from Anderson Technologies here!
- Get to Know Your ISP
You might be asking, “What does my internet service provider (ISP) have to do with my firewall?” The answer to this question varies greatly depending on your network setup. When asked about firewalls, many business owners automatically point to their internet modem or router, and misinformation from ISPs and previous MSPs are to blame.
Most home networks don’t have or require a separate hardware firewall, because the modem and/or router provided by your ISP may have a basic one built in—that is, if it’s configured correctly (more on configuration in #2). Businesses, on the other hand, almost certainly require a more robust level of protection in the form of a hardware firewall. Though HIPAA’s security standard §164.308(a)(5) doesn’t explicitly state the particular hardware necessary to protect against malicious software, having a trustworthy firewall can help and is well worth the investment beyond regulation compliance.
Your ISP factors into the firewall equation at a very basic level. After all, if you don’t have an internet connection, what is your firewall protecting? Your MSP can easily adjust things like wireless access points and device connections, but if there’s a problem with the internet itself there’s not much we can do. Whether you’re using your wireless router’s built-in firewall or an enterprise-grade Meraki, that stream of internet flowing into your business relies solely on your ISP.
Along with your IT services provider, your ISP is a partner and resource when it comes to the technical workings of your business. Always have your ISP’s contact information handy in case a security or performance problem is coming from the foundation of your network—the internet itself.
- Configure, Configure, Configure!
Configuration is a term that tends to scare those who don’t consider themselves “tech-savvy,” but at its root, configuration is nothing more than telling your devices how to work.
Think about it this way: when you bring your new smartphone home, it won’t have any of your personal settings or information. Maybe the menu text is too small to read, or the brightness and sound aren’t set to your liking right out of the box. Fixing these settings may take some general knowledge about how the phone works, and possibly some investigation and deduction. But once you’ve changed all the settings to fit your lifestyle, the phone will be working for you and not the other way around.
Configuring your firewall and other network equipment works pretty much the same way, but with nuances that might require outside IT services. Firewall configuration determines which user accounts can manage the firewall’s settings, which computers can access different layers of confidential data, and any other restrictions you need to implement. After this, your firewall will know exactly how to act in a way that meets your business’s individual needs. Guides on configuring your firewall on your own aren’t difficult to find, but when it comes to your business’s firewall, if you feel unsure about how to program it, consulting with a professional is recommended.
- Bolster Your Network—Inside and Out
Businesses are prey to targeted attacks more than ever, according to Symantec’s 2019 Internet Security Threat Report. Cyber criminals are stealthier in how they infiltrate networks and know how to take advantage of any weakness. Your firewall serves as your network’s dedicated bodyguard, but what is a bodyguard without backup when trouble arises? Supplement your firewall with both inside and outside reinforcements.
Network protections from the inside include intrusion prevention systems (IPS), robust antivirus/antimalware software, and protective buffers like Proofpoint or multi-factor authentication (MFA). If a cyber threat circumvents the firewall by entering your network from the inside—such as from unregulated permissions or compromised or unpatched software—security software can mitigate the damage. Inside protection also includes ransomware detection and data backups in case the worst happens.
What about protections outside your firewall? Those can be more difficult to implement, if only because they deal with the most vulnerable factor in any security network—humans. Email filtering tools (like Proofpoint) and internet content filtering software (CFS) can screen most of the potential threats that present themselves to your employees. But all it takes is one employee opening one spammy link from a spear phishing email, and your whole network becomes victim to a targeted attack. Everyone on your team needs to have the same awareness, goals and training because firewalls can only do so much on their own.
Firewalls are amazing investments that can save your business hundreds of thousands in the long run by preventing devastating cyber attacks. It’s important to know what’s going on beyond all those cables, circuit boards, and blinking lights. And when someone asks if you have a firewall, you’ll be able to confidently point out the device and know your network is protected.
If you’re a regular reader of our blog, you might recall that we’ve written about Anderson Technologies’ avoidance of canned, one-size-fits-all solutions for IT. As a small business that specializes in serving other small businesses, we know that different clients have different needs. What works best for a small local nonprofit organization might cause more problems than it fixes for a bustling assisted-living facility.
A St. Louis law firm experienced this firsthand when they were looking for a new IT services provider.
A Personalized Approach
Founded in 1986, this law firm began as a family-owned and -operated law firm. Attorney L. C., stuck to the firm’s guiding values and became the third partner in 2010.
The firm specializes in tax law, as well as business and commercial law and estate planning. “We do the type of planning that you find at a bigger firm,” L. C. says, “but we do it in a way that’s more approachable to the business owner.”
We can put ourselves in their shoes and say, ‘This is what I would do for my business if I were you.’ I think that’s a value that you don’t get everywhere.
Much like Anderson Technologies, this law firm focuses on serving local small businesses. “The types of planning we do for our clients you would traditionally find at larger firms, where most of the people you’re meeting with are partners but they don’t know what it takes to run the business,” L. C. says. “They can’t tell you those things that small business owners really do feel.”
L. C. continues: “Most of [our clients] are business owners, so we treat them the way we’d want to be treated—or better. We can put ourselves in their shoes and say, ‘This is what I would do for my business if I were you.’ I think that’s a value that you don’t get everywhere.”
Appealing For Change
L. C. recalls that when she first started at the law firm, the firm only had a server without backups to the cloud. If something went awry, their one-man, paid-by-the-hour IT provider would come and perform a quick patch job. Though this was a solution for any immediate emergencies, L. C. knew that they could benefit from investment in a new server backup system or better IT services altogether.
“Like any business owners, we don’t have time to deal with anything unnecessary in our day and we certainly don’t want to deal with technology that we don’t understand causing us issues,” L. C. says. “It’s crucial to have somebody who will always be available to answer those questions for you, because they do come up, even if you try to be proactive about it.” For L. C., moving to managed services seemed like the right option.
After transitioning to a different IT company who advertised remote service capabilities and made empty promises of new hardware,the law firm decided to reevaluate their needs and priorities concerning tech. “Maybe we should look at that relationship,” L. C. remembers thinking of their previous IT partner.
The final straw happened when they moved the law firm to Office 365 and OneDrive. This enterprise-grade business software has numerous benefits, but to this law firm, without guidance from a managed services provider, it was more of a hindrance than an upgrade. “No one was telling us proactively ‘don’t put your computer to sleep’ or ‘don’t turn them off when you leave the office,’” L. C. says. This led to broken processes and incomplete data syncing that, even though the law firm had all new computers, were working less effectively than before.
I’m just going to get out a typewriter and write letters that way because it would be faster than having to deal with my computer.
Instead of getting to the root of the OneDrive syncing problem, the law firm’s previous IT company created a workaround that was inconsistent for the firm’s daily functions. Even less helpful was the company’s unapologetic attitude about the entire situation. “I didn’t get that they really gathered how annoying that glitch had been for us,” L. C. says. She remembers telling them “I’m just going to get out a typewriter and write letters that way because it would be faster than having to deal with my computer.”
Finally, L. C. met Anderson Technologies’ Principal Amy Anderson at a local networking event, and she decided to get a second opinion about their conundrum. “I’d heard her talk about their complimentary technology assessment,” L. C. says. After hearing about what the law firm had experienced, “[Amy] said, ‘That doesn’t make any sense. Office 365 and OneDrive are widely used. It must not be configured properly because there’s nothing unique about your situation that would cause it to work so poorly.’”
The red flags that came up in their 2018 assessment were things that small businesses usually don’t realize they should be looking for, such as the lack of an enterprise-grade firewall and wireless internet routers—which their previous managed services provider should have immediately remedied. Since the law firm deals with sensitive client data, ensuring they had a secure infrastructure was a top priority. And the issue with 365 had to be resolved in order to ensure their data was being replicated and shared internally properly.
After working with Anderson Technologies, L. C. says: “I trust that they’re not going to do something wrong and that they wouldn’t be telling me to buy something I didn’t need or that they wouldn’t do for themselves.”
Although L. C. is very enthusiastic about Anderson Technologies’ technical work, her real trust lies in Anderson Technologies’ accountability and responsibility to clients. Like the law firm, Anderson Technologies is a small business for small businesses, and this value assures that the client’s best interests always come first. “That’s kind of their approach,” L. C. says, “that if they were me, they’d do XYZ. . . . They’re going to actually do what they say they’re going to do.”
They’re going to actually do what they say they’re going to do.
Anderson Technologies continues to assist this law firm with onboarding new employees and installing hardware, including a high-speed scanner. Tax season is a very busy time for the firm, so it’s especially important that their computer infrastructure is now stable, ideally configured, reliable, and secure.