Budgeting for Information Technology continues to be important, and may be more important than ever as penalties increase for violations of compliancy and network breaches that result in loss of personally identifiable information. It can be argued that budgeting for cyber security and subsequently funding that protection shows evidence of “due diligence”.  With IT being a known enabler of business operations, it’s hard to find a more effective way to risk operations than by neglecting your IT budget or failing to fund budgetary line items when they come due. So how do you increase IT budgeting effectiveness without breaking the bank?

First, don’t delay your IT budgeting exercise, nor delay funding your budgeted line items. Imagine delaying your vehicle’s oil changes until the end of year.  Sure you’ll only need to fund one service, until the mechanic announces you need a new engine.

We recommend you meet with your service provider annually and request advice on software and operating systems approaching End of Support (EOS), as well as core infrastructure upgrade schedule.

When budgeting, start with known monthly income and expenses, and consider last year’s expenses as this year’s starting points. It’s good to periodically review these expenses and their providers to make sure you’re getting the lowest price available for what you need.

Each infrastructure device should periodically be evaluated for available firmware updates and patches, and your IT budget should include these updates. Backups and BDR solutions should be regularly evaluated to ensure that files and file systems restore successfully and there’s available space for future backup sets.

Next, host a budgetary planning meeting that includes your IT service provider and a representative from each department.  Ask your staff what they hope to accomplish with technology over the next few years, and capture this information so it can be mapped on a budget timeline.  This can be looked at as a “brainstorming” session, where criticism of ideas is kept at a minimum to encourage thinking outside the box. Another useful question is “what’s working and what’s not?”.

Following this meeting, research is required to identify and quantify requirements for the brainstormed ideas. You’ll want to involve your IT department or provider who can generate quotes with pricing.

Look over the quotes, then ask your provider to justify any line items you don’t understand, to explain labor entries and scopes of work, and to compare each solution against less expensive alternatives. Don’t forget to evaluate expected benefits and fulfilled compliancy requirements in addition to costs.

Dependencies need identifying, where one change requires another to occur in advance. Multi-stage dependency requirements can expand a project’s budget significantly.

Now how do you pay for these budgeted items?  With positive cash flow, available short-term assets, and by tapping equity and borrowing sources. Increase your positive cash flow by collecting payments quickly after you deliver your products or services, setting up your customers to pre-order from you, negotiating with vendors for longer payment terms, reducing your inventory to just in time, and continually re-visiting your budget to confirm spending and verify expected results. Many IT Manufacturers and Distributors offer attractive financing, sometimes annuitizing without interest and offering $1 equipment buyout at final payment.

Budgeting can increase stress.  By creating a budget in advance, involving all departments, and by making sure technology upgrade projects are planned for and don’t blind-side you, you can ensure the “going concern” nature of your organization and reduce everyone’s stress. This isn’t an illusion, but a very real result of your budgeting timeliness coupled with a reduction in frequency of invoicing surprises. You’ll look and feel like a hero.

Useful Resources

• IT budgeting: A cheat sheet – TechRepublic
• Building your 2020 IT budget: Seven steps – ZDNet
• Finance Fundamentals: 6 areas to successfully operate your business – SCORE
• Hardware to consider adding to your 2020 IT budget – ZDNet

For a confidential discussion of your situation or concerns, give your Technology Partner a call.

The LeeShanok Team

(602) 277-5757  Phoenix,   (520) 888-9122  Tucson

On May 31, 2018, Security Intelligence published a mid-year article “Are Ransomware Attacks Rising or Falling?” (https://securityintelligence.com/are-ransomware-attacks-rising-or-falling)

• Ransomware is the top variety of malicious software, 76% of breaches were financially motivated, and 28% of attacks involved insiders (employees).
• Ransom-related attacks are moving to more targeted methods, focusing on quality rather than quantity of targets according to F-Secure.
• In 2017, Malwarebytes tracked a 90 percent increase in Ransomware over 2016, with monthly increases up to 10 times the rate observed the previous year.

Many of the following items are managed for you by LeeShanok. Please review the following checklist, and schedule a call with your LeeShanok Account Manager if there remains any uncertainty.

Monitor Activity – Be made aware of attacks that get through firewall.
Blacklist – Slenders, domains, and geographies that have sent malicious messages.
Backups – Back up servers and file shares regularly, and periodically validate effectiveness. Some backup strategies involve multiple sources and destinations, and may include software from more than one manufacturer. This adds to the complexity but the objective is the same, make sure you can recover from disasters.
User Profiles – If your user’s profile folders are on their local PCs, consider re-directing them to a common storage location that is included in backups.
Patches – Apply patches to Servers and end-user computers, Windows, devices, and software. It’s true that updates occasionally cause problems, but a lack of updates will certainly increase vulnerabilities. If your server has updates in queue, don’t wait too long to apply and reboot.
End-Point Protection – Protect PC’s with antivirus/antimalware software from respected providers (we recommend Trend Micro). Make sure subscriptions haven’t expired and that real-time protection is active. Central purchasing and administration allows for consistent protection, alert handling, license renewals
Windows Firewall – Protect end-user computers with active Windows Firewall, or use the firewall if present in your antivirus software.
Network Firewall – Periodically review your network firewall to make sure it receives software and firmware updates and is supported. Businesses providing internet access to customer’s through a business center or guest-wifi will benefit from content filtering and traffic shaping. We recommend Cisco Meraki and Cisco ASA with FirePower.

Network Segmentation – Segment your network into logical groupings, limiting access by an attacker.

Educate Users – Let us host a free workshop for employees and satellite offices on “IT Security for the Common Worker”, and we will even supply lunch for your team.

Your Technology Partner,
The LeeShanok Team

Tucson: 520.888.9122
Phoenix: 602.277.5757