SMBs Archives - FIT Solutions

4 Reasons Your Business Needs a VCIO

Posted on August 20, 2020September 7, 2021 by CT Team

As businesses grow, that trajectory usually isn’t a straight, steady line. Without careful planning, those forward steps may be marked by major growing pains. Is your IT environment equipped to support your organization as it matures? The CIO, or Chief Information Officer, is responsible for providing high-level technical consulting—evaluating the big picture and making recommendations to smooth that growth path.

The Role of the CIO

Your CIO handles large-scale projects and IT needs. Let’s say you’re looking at moving your on-premise infrastructure into the cloud. This kind of major migration project takes a lot of coordination: rallying the troops, directing the engineers, getting the proper resources, and architecting how it will work from a business perspective as well as on the technical side. How will operations be affected? What will it cost? What risks are involved? These are all questions to which your CIO can provide answers.

Much of a CIO’s job deals with risk. What business problem are we trying to solve? What are the possible solutions? What are the risks and benefits of each? A CIO evaluates your options, makes a recommendation, and oversees the project to completion.

What about organizations that cannot afford (or don’t yet need) a full-time CIO in-house? How can you get the expertise of a CIO that knows your environment, but on a part-time basis?

Four Benefits of a VCIO

Businesses can outsource this consultant position to a VCIO, or Virtual CIO. Why go the virtual route?

Cost Savings. Between salary and benefits, a full-time, in-house CIO may cost you between $100k-$300k/yr. A virtual CIO is just a fraction of this; for smaller businesses that don’t need a full-time CIO, outsourcing this role makes more sense. Partnering with a VCIO means you don’t have to choose between overpaying and sacrificing that valuable insight.
Perspective. A true VCIO partner will get to know your business inside and out, becoming nearly indistinguishable from your in-house team. However, since they also work with other clients in a variety of industries, they bring that experience to the table in finding creative solutions to your business problems.
Consulting. A VCIO conducts regular technology business planning. This should be a living document, outlining the opportunities, potential pain points, and recommended solutions for your environment over the next 3-24 months.
Disaster Recovery Planning. Disaster recovery and business continuity are a regular part of business planning, but they’ve become especially urgent during the current pandemic crisis. This is one of the areas that showed the starkest contrast between organizations that had CIO or VCIO services and those that didn’t. As various areas went into lockdown or similar restrictions, did you have the necessary infrastructure for your team to work remotely? Do you have it now? If your team is still working remotely, can they access company data securely and without compromising compliance? What other kinds of disasters might your organization face? A VCIO creates contingency plans that prepare you for all situations.

A virtual CIO partner is an invaluable asset to your business. At FIT Solutions, our VCIO services are bundled with our managed IT services, providing you with both the technology and the high-level consulting you need to achieve a steady growth path. Give us a call at 888-339-5694 or contact us today to see how a VCIO can benefit your organization.

Small Businesses: Does the CCPA Affect You?

Posted on April 29, 2020September 7, 2021 by CT Team

The California Consumer Privacy Act (CCPA) went into effect January 1, 2020. This law deals with the right of consumers to know or even control how their personal information is used by organizations. For businesses that collect such information from consumers, this represents new burdens.

Do I Have to Comply with CCPA?

The CCPA comes with certain thresholds that may exclude some small or medium businesses from compliance requirements. What are these thresholds? You’re on the hook for compliance if you are:

Are a for-profit business operating in California
Collect personal information from consumers
Exceed one or more of the following:
- Buy, receive, sell or share personal data from 50,000+ devices, consumers, or households
- Have gross annual revenues of over $25 million
- Sales of California residents’ personal data represents 50% or more of total annual revenue

I Don’t Meet the Thresholds, So Why Should I Worry About CCPA?

The CCPA is the most extensive privacy law ever passed in the US. Other states are taking a page from California’s book and are considering or have already passed similar legislation. Plus, the possibility of having different standards instituted across multiple states could result in the enactment of a privacy law at the federal level. So even if the CCPA does not currently affect you, it will eventually.

Looking at the legislative climate, given the CCPA and likelihood of more laws like it coming soon, it’s clear that there is an increasing recognition of the need for businesses to handle consumer data responsibly, for consumers to have the right to determine how that data can be used, and for businesses to protect consumer data against theft or loss.

What is “Reasonable Security”?

Part of the CCPA revolves around an organization’s responsibility to protect consumer data against theft or loss, like through a data breach. If a business fails to implement reasonable safety measures, resulting in a breach, they may be liable to pay penalties of $100-$750 per consumer per incident, or even higher. What would count as “easonable security” measures? The CCPA does not specify, but some legal experts refer to the state attorney general’s words in the California 2016 Data Breach Report:

“The 20 controls in the Center for Internet Security’s Critical Security Controls define a minimum level of information security that all organizations that collect or maintain personal information should meet. The failure to implement all the Controls that apply to an organization’s environment constitutes a lack of reasonable security.”

These CIS Controls are comprised of a set of 20 broad categories of action, each of which contains subcontrols in the form of specific tools and practices. These subcontrols vary based on the sensitivity of the data you’re protecting, the size of your organization, and the extent of your IT resources. Together, these controls form a defense strategy against breaches and cyberattacks.

We recommend that companies of all sizes take a look at the CIS Controls—especially if you’re at or near a threshold for CCPA compliance. At FIT Solutions, we use CIS Controls and other security frameworks, like NIST, to follow best cybersecurity practices for our clients. Contact us or call 888-339-5694 for help in strengthening your organization’s defenses.

How to Quickly — and Securely — Enable Work-From-Home

Posted on March 24, 2020September 7, 2021 by CT Team

In response to current events, your business may be faced with the challenge of quickly putting a work-from-home program in place for your employees. Here’s the hard part: those employees will be largely on their own, with varying degrees of technical knowledge, connecting from their own home networks and accessing corporate data and resources. You need not only to get them connected, but equip them to work productively, with ample security in place so you don’t put your organization at unnecessary risk.

Considering the Alternatives

The best-practices approach — under normal circumstances — is to distribute preconfigured corporate-owned laptops. Aside from the expense, time might be the bigger issue in our current situation as businesses everywhere are rushing to equip remote workforces. Currently, the time from order to delivery of new laptops is around 15-30 days, for some suppliers.

A tempting short-term fix is to allow employees to connect to corporate resources directly using their own personal home computers, laptops, or tablets. However, this exposes corporate assets to a wide variety of risks that are outside of your control. These risks include outdated or insufficient endpoint protection, access of confidential data by others in employee households, and rogue devices on a poorly secured home network — among other threats.

The Right Technology, Right Now: Virtual Desktop Infrastructure

Virtual Desktop Infrastructure (VDI) is a widely used remote access approach with many advantages. With VDI, employees use their personal devices to access a virtual desktop — a computer that they control remotely. They view the screen, and control it via mouse or keyboard. The approach is much less expensive than provisioning and distributing laptops, and far more secure than a direct connection. With VDI, business owners can:

Provision remote access for tens or hundreds of users cost-effectively with a cloud-hosted solution
Allow secure access by a wide range of employees’ personal devices, from home PCs to laptops and tablets to smartphones
Tightly control access by combining standard login credentials with multi-factor authentication (MFA) to guard against weak or compromised passwords
Keep corporate data off of personal or public networks — the corporate data only appears superficially onscreen, and never actually enters or is stored on the user’s personal device
Provide a familiar environment and business access —the virtual desktop can be configured to look and behave exactly like an office-based system, with access to all corporate applications and data stores, productivity, email and collaboration software

At FIT Solutions, we can quickly set up a VDI for your employee remote access. It is housed in our data center in a private cloud, with all essential security measures provided. We connect the virtual desktops to any applications or data you need, whether those are in another public or private cloud, or in your own data center with access protected through a secure point-to-point VPN.

Have questions? We have the answers. For more information or to get started right away, give us a call at 888-339-5694. We’re also offering a free Remote Workforce Readiness assessment, which you can find here.

Tag: SMBs