Choosing an IT support structure is a lot like choosing a treat from the ice cream truck (we’re going somewhere with this, we promise). Some people are Fudgsicle people, while others always go for the Rocket Pop. The point is that IT support comes in different flavours designed to suit various needs and budgets.

Small businesses, which understandably have smaller budgets for IT spending, typically opt for low-overhead options. Specifically, they usually go for an hourly business IT support model, meaning companies are only charged by the provider when they actually use IT services. With this method, also known as break/fix, companies have access to expert IT support when their technical needs exceed their abilities. Unlike with a managed services provider or internal IT support provider, however, there’s no commitment to pay for ongoing support. Hourly support is the ice cream sandwich of IT services: simple, classic and provides just enough to get the job done.

Reduced upfront costs

The big draw of hourly IT support is the cost savings. If calls to the IT support centre are few and far between in your office, this payment structure just makes sense. Ditto if you have an on-site IT team that’s able to handle non-urgent issues. As supplemental 24/7 IT support, hourly IT is a good idea. After all, your internal IT guy probably appreciates being able to take a vacation every now and then!

If your support needs are fairly insignificant or irregular, you’ll find a pretty powerful argument for hourly IT support in the form of dollars saved. MSPs offer consistent monitoring, strategic planning and routine maintenance—but nobody works for free, including business IT support providers. Opting for the hourly structure can reduce upfront IT costs, particularly if your budget for such expenses is extremely limited.

Unexpected maintenance costs

The downside to the hourly IT support method is that it’s often hard to predict when things will break. You may be breezing along, working with an out-of-the-box cloud storage solution and a few mobile devices and desktop stations when suddenly everything goes kaput. You can’t figure out how to back up your network, your Wi-Fi is on the fritz and—because when it rains, it pours—a couple of those trusty desktop stations decide it’s time they meet their makers.

The situation we just described may be extreme, but it’s not entirely unimaginable. After all, the break/fix method makes it difficult to budget for upgrading your machines, networks and servers. Instead of receiving regular maintenance, your systems and equipment will keep grinding along until something either give out or is diagnosed and “fixed” by nontechnical employees.

There’s obviously no way to predict when you’ll find yourself at the centre of a perfect technological storm. That said, regular system checkups by an expert can offer some insight into your equipment’s expected lifespan and may even help you squeeze out a few additional years.

Impacted productivity

A slow computer or network adds time to every task you undertake. Moreover, when members of your team take time out of their days to deal with network outages or computer issues, that’s time they’re not using to work on their core objectives, which translates to lost productivity.

When you don’t have a dedicated IT team at your disposal, the work of correcting computer issues often falls to other team members. With an hourly IT support structure, employees typically need prior authorisation to contact IT services, so it’s faster (and less awkward) to diagnose computer issues themselves.

The problem is that unless you happen to have an amateur computer whiz on staff, you’re trusting the livelihood of your equipment to someone who may not really know what they’re doing. Meanwhile, something that a pro may need 30 minutes to diagnose and correct can take an inexperienced employee a full day of Googling and trial and error. When you add up the resultant lost labour, your hourly IT support system could be costing you a great deal of money.

Calculating your actual IT costs

That’s not to say hourly business IT support isn’t a good fit for small businesses. There are several factors at play, including your equipment, the internal resources available, your budget and what you have planned for your IT in the future. However, given the number of hidden IT costs associated with the hourly model—equipment replacement, lost business during outages, reduced employee productivity, etc.—it’s likely worth taking a more holistic approach.

Tracking how much time you spend internally fixing IT issues and how frequently you replace and repair equipment will help you get a feel for the real costs of business IT support. However, the cost isn’t the only thing to consider when you hire an IT services provider.

Technology is often presented as a way to cut operational spending—after all, if you can get a machine to do the work of 10 employees, you’re definitely going to see some savings. However, when it comes to IT services and infrastructure, choose your savings carefully. Low-overhead IT solutions may cost less upfront, but opting for these services can come back to haunt you during an IT support or security event.

Most organisations spend very little on IT solutions as it is—small businesses dedicate an average 6.9% of their budget to IT, while enterprise companies spend a mere 3.1%. Considering how much a data breach or server downtime can cost you ($3.62 million and $100,000 per hour, respectively), choosing economy-grade equipment and IT support isn’t always the wisest choice.

An easy analogy comes from the grocery store. Sure, a two-pack of paper towels costs less upfront than a pack of 24, but when you really break it down, you’re spending a lot more per roll than you would if you bought the bulk package—and it’s not like you’re going to run out of uses for paper towels!

Similarly, businesses may shave IT spending by opting for limited services packages, but this often backfires spectacularly when there’s a need for more intensive, personalised support. If your server goes down or you can’t access mission-critical data, you might end up paying through the nose for hourly IT support. Here are some of the techniques businesses use to save on IT services and solutions, as well as why those strategies often boomerang when the heat is on.

Refurbished equipment: Is it worth the long-term costs?

The best computers and devices are as reliable as the dawn: They won’t conk out on you in the middle of a huge report or suddenly go down during your busiest day of the year. However, top-of-the-line equipment is expensive, especially if it’s brand-new.

That said, refurbished computers, server machines and other devices present an opportunity for cash-strapped businesses to save. You can often find refurbished laptops and desktops on sale for hundreds of dollars below retail price—but what you save in money, you lose in easy IT support, longevity and coverage.

Keep in mind that return policies for refurbished products are usually fairly limited. Under Apple’s return window, for instance, you have just two weeks to identify defects and send back the product. And Apple actually has one of the more lenient refurbished equipment policies out there!

If you choose to go down the refurbishment path, you’ll also face restrictions on your warranty. Most refurbished products are only under warranty for 30 to 90 days, and in some cases, the warranty may not even be applicable if the manufacturer doesn’t have a repair centre in your area.

Lastly, used equipment may need to be replaced or repaired more frequently, even though it’s been refurbished. This issue tends to particularly crop up with used laptops, which have older batteries that require charging more often and may even need to be replaced altogether. A malfunctioning hard drive is another common problem, and you’ll have to pay out of pocket to have it replaced. Even if you don’t experience problems with worn-out parts, older equipment obviously becomes outdated sooner than brand-new models. The question becomes: Do you want to save now or save later?

Break/fix and hourly IT structures: Will they cover your IT needs?

Sure, investing in refurbished equipment is a gamble, but it’s a low-stakes bet compared to opting for limited IT support. Break/fix and hourly IT support structures exist for businesses that have very minimal IT commitments—under this model, your business is charged only when you call IT support. Unlike with managed services providers (MSPs), which can provide you with 24/7 monitoring and other ongoing services, you won’t pay a fixed fee for IT services with the hourly model.

Break/fix models typically cost less, so they may appear to be saving your business money. The problem is that these pricing structures make IT spending unpredictable and difficult to budget. Additionally, hourly providers offer largely ad hoc IT solutions, so there’s little due diligence to ensure the overall security of your infrastructure and systems.

Break/fix and hourly IT solutions may do for the short-term, but there’s not much preventative work done to head off problems down the line. Furthermore, you won’t have the planning and strategic advice of an expert. All in all, think of your IT support choices as being equivalent to seeing the dentist: You’re probably a lot better off going every six months for a cleaning than only when you have a cavity.

Skimping on IT security: A bad idea by any measure

If it ain’t broke… you know the rest. Maybe that mantra works for the government, but in terms of IT services, legacy applications aren’t all they’re cracked up to be. Older software often introduces security vulnerabilities into your network, and because these flaws may not be discovered until after an application’s release, the set-it-and-forget-it method of technology management isn’t a very successful policy.

Moreover, it’s important to reconsider your business security any time you add a network component. Even if you have robust data intrusion detection, firewalls and other IT solutions, you could be putting yourself in a vulnerable position if your wireless devices don’t all follow security best practices. There’s also the issue of data security with outside vendors—your information (and your clients’ sensitive data) could be at risk if those vendors aren’t using proper encryption, access management and other data protections.

This is where MSPs excel by evaluating your network as a whole entity, auditing for security weaknesses in applications, devices and infrastructure. They can also provide user training to knock out security issues resulting from human error and will work with outside vendors to ensure your data stays protected even when it’s not stored on your own servers or networks.

We read a great article by CIO the other day – it was about turning digital transformation into a practical reality. The piece got us thinking about practical considerations when it comes to digital transformation in businesses, and whether it is even feasible for certain businesses to make the digital transition. Read the article here.

Digital transformation often entails a cloud-based solution. Why? Because the cloud allows businesses to take advantage of significant on-demand processing power and storage without having to spend capital on building or maintaining an on-premises server room and all the infrastructure that goes inside. This move to the cloud though comes with some practical considerations that need to be made, as certain businesses might not be ready for a digital transformation.

So, You Want to Go Digital?

The cloud is the foundational enabler of digital transformation – it offers the scale, speed and fast execution that businesses need in the digital sphere. If you want a digital business, you need to determine which of your applications will be moved to the digital space (bear in mind you can go full cloud or choose a hybrid system). Making this decision isn’t easy – so here are some questions you should ask when considering your digital set up:

• Who needs access to each application? How many of those people are there?
• Where do they need to access them?  In the office, on the road?
• How sensitive is the data you use and store?
• What percentage of the data you need to store is “current” and requires frequent fast access versus historical, for reference purposes only?
• How big are the files that you work with?  Word and Excel files are very different to large graphic, video and sound files, for example.
• What volume of your network traffic accesses each application?
• Given the volume of network traffic that accesses data proposed to be in the cloud, can your current or proposed Wide Area Network (the link to the outside world and back) handle it and deliver a good user experience?
• How will you prioritise traffic so that you get the most out of your WAN and minimise network costs?

QCS Group Cloud Readiness Assessment

Not sure whether your business is digital transformation-ready? We offer a service that will help you to determine whether your cloud migration will be a success given your current application set, proposed WAN configuration and manner of conducting business.

This service is called a ‘Cloud Readiness Assessment’. Using advanced simulation tools, we can pinpoint all the pain points in your system before any capital outlay is made. The net result is a transformation plan that will ensure a much smoother migration.

The Importance of an Informed Decision

QCS Group has seen numerous businesses jump to the cloud to take advantage of all its benefits, only to fall flat because of all the hidden gotchas that nobody on the team expected (that’s usually when QCS Group gets a call for help). We can assist you to identify those hidden issues and make a plan to counter them ahead of time.

If you have any questions about whether your business is ready for a digital transformation, don’t hesitate to contact us.

Recently, Gabriel Leperlier – Verizon’s head of European advisory services for the payments cards industry (PCI) – visited a press briefing in London, where he talked through some of the worst-case scenarios he encountered when investigated payment card data security and compliance breaches. These breaches include hidden routers, dodgy security providers, secret modems and more.

Here are 6 IT security nightmares that were spotted by Verizon in the last few years – Take note and learn from the lessons!

When a Printer Is Not Just a Printer

At a military facility in the Asia-Pacific region, an infosec professional noticed unusual network traffic that appeared to be coming from a freshly ordered fleet of printers. According to Leperlier, “A few weeks or months after delivery one of the system admins realised that there was some very strange traffic on the network. He said to the firewall team, ‘this is strange, I can see some traffic between the printers and even between printers and other systems’.”

He took it upon himself to investigate further and disassembled one of the printers by hand.  What he found provided a big wake-up call.  He located a modem inside the device which was transmitting everything the printer’s rogue software could collect on the network to a foreign country!

The message to take away from this incident is that you can have all the technology and IT security control in the world – but without skilled and thorough employees (or contractors), your business is at risk.

Server Room Access for Everyone

While checking the IT security access on another company’s system, Verizon noticed that the CEO, CIO and other C-suite executives and cleaners had full access to the server room. Leperlier understood why the cleaners had access – they had to clean every room – but he wondered why the CEO needed access to this room (hint: he didn’t).

This case highlights the need not just for technology to keep information secure, but for clearly defined policies. Access should always be granted only to those who need it, not just because they are senior.  Senior personnel get compromised too – in fact, they are one of the primary targets for compromise by hackers.

Staff Workarounds 1

A Verizon team visited a gift shop (which was part of a wider shopping complex) to check the access to a payment terminal system. This terminal was accessed by a badge, and only the manager could access the most sensitive information. This information was given to the Verizon team by two staff members – who went on to say that the manager was on holidays and then proceeded to open a draw that contained her access card!

Leaving the card behind was intended to be helpful while the manager was away, but it actually compromised the security of the store. According to Leperlier, this indicates the importance of a good working knowledge of security culture at every level of the organisation, from the IT team to operations to managers and even staff on the shop floor.  Staff need to understand they can’t just create their own workarounds to information access issues and the company needs to make arrangements for issues like how to take holidays without compromising security.

One Character Passwords

4 years ago, Leperlier interviewed an IT security officer who was managing a physical access control system. When Leperlier asked about the process of providing greater levels of system access, the interviewee opened up a new security application and typed in a one character password to enter.

Leperlier couldn’t believe that this IT officer would rely on a one character password, so he asked him to log in again. Sure enough, he hit one key on the keyboard and was granted access. “Is that a one character password?” Leperlier asked. “Yes,” the interviewee responded, “That’s why I don’t like people looking at me when I’m logging in!”  In his (poor) defence he went on to say “it’s one character, but it’s a special character!”.

We probably don’t need to say it, but having a one character password, even if it’s a special character, is terrible information security practice – passwords should be complex and include capital letters, numbers and special characters.

Servers in the Bathroom

A couple of years ago, a retail company that operated partly out of Mexico suffered a security incident and requested an on-site audit. Verizon realised that this company was relying on an unknown security provider, and when they went to check out the offices of this service provider, they found a tiny operation that ran out of a small apartment (and all the servers were stuffed in the bathroom).

According to Leperlier, “PCI DSS is not just about technology, it’s about people and process… If we didn’t go out and see what was going on in Mexico then we wouldn’t have seen they were working from home with a server in the bathroom. You need to check!”

Staff Workarounds 2

Verizon visited an organisation that was sure it didn’t have any wireless networks operating in the building, but using scanning technology, the compliance team kept on coming across a signal. Eventually, the team pinpointed that this signal was coming from the server room.

The IT offices were located 3 flights of stairs up from the server room, and it turned out that rather than walk up those stairs every time something needed to be checked – someone had installed a router in the server room so that they could access the servers from their desk.

The hidden router represented an unprotected node on the system that extended the attack surface of the organisation without authorisation.  Again, an easy workaround had produced a security vulnerability.

Need an IT Security Review and Refresh? Contact QCS Group

When it comes to managed IT services, we make networks run smoother, boost productivity, increase security and fix problems fast.