Three Ways to Make Compliance Everyone’s Business


Compliance acronyms often become the “inside jokes” of an industry, a sort of alphabet soup, but the language of business governance can quickly result in confusion. Clever letter combinations echo the rules and regulations of businesses, especially for companies in manufacturing and distribution. Compliance is a company-wide issue that affects everyone from owner to customer. With that in mind, here are three ways to reduce the stress of compliance management by making the rules of the road everyone’s business:

1. Know the compliance acronyms that affect your business

2. Optimize your ERP for reporting and metrics tracking

3. Bring in experts when compliance involves advanced cybersecurity, data privacy regulation, or highly sensitive record management

Business Compliance

Rules and regulations serve to keep your data protected. Here are a few of the most common regulations that govern business data:

GDPR (General Data Protection Regulation)

Information that leaves the European Union must comply with GDPR even in countries that are not part of the EU. With comprehensive regulations for security and privacy in data handling, GDPR essentially protects your company from a security breach. If you draw any traffic from the European Union, you must follow the rules of the General Data Protection Regulation (GDPR).

HIPAA (Health Insurance Portability and Accountability Act of 1996)

HIPAA compliance is very common, yet many medical facilities miss important steps necessary to meet the fine print of HIPAA laws. All organizations that interact with medical practices in any way must comply with HIPAA. Health and human services organizations obviously fall within the HIPAA Privacy Rule, but HIPAA violations are seen across industries as more companies host data subject to these health information laws. Small businesses often fail to comply because of limited in-house expertise, which is why 2021 is moving more and more owners toward partnership with a small business IT provider that offers compliance care.

Here are a few of the types of companies that must process data in ways that comply with HIPAA rules and regulations:

Here are signs that you are keeping up with HIPAA compliance:

Failure to comply with even a single HIPAA security rule has resulted in fines of 1.5 million for small companies and up to 16 million for large scandals. Large-scale security breaches are common, and everyone handling or interacting with the medical industry needs to be ready for a cyber attack. Physical theft, such as mobile device theft, is also common, so in-house strategies must include data protection from employees and other on-site actors such as third-party consultants.

PCI DSS (Payment Card Industry Data Security Standard)

Payment data is sensitive data, and is therefore protected by advanced compliance standards. Fortunately, these regulations demand solutions that benefit all businesses. If you collect credit card information for any reason, you must ensure PCI DSS compliance. All credit card information must be encrypted. Data access must be limited and tracked so that information stays in trusted hands.

Information transmission requires firewall protection, cybersecurity software solutions, and proactive security management. The network must be assessed for vulnerabilities, and all software must stay updated, patched, and in compliance with the PCI DSS regulations. A penetration test is the best way to see if your company is at risk of a data breach.

EstesGroup can help you create a compliance plan for your business. Compliance acronyms abound, but the right IT solution will quickly make the rules and regulations of your industry as simple as saying the alphabet.

Get business compliance peace of mind by signing up for a security audit and network assessment today.

5 Takeaways from the Microsoft Exchange Server Attack


A Microsoft Exchange Server Attack Caused Hours of Downtime for Businesses Around the Globe

Last week’s Microsoft Exchange Server attack underscores the liabilities of on-premise architectures compared to their cloud counterparts. On Friday, March 5th, 2021, a zero-day Microsoft Exchange vulnerability was found being exploited across the globe. It affected all versions of on-premise Exchange servers and allowed the attacker to read emails, exfiltrate data, and run code of the attacker’s choice. Unfortunately, a zero-day exploit is one that usually doesn’t have any patches against it. In short, if you had an Exchange Server out on the internet, then it COULD likely have been compromised.


Our Break-Fix Client’s Last On-Premise Exchange Server Was Compromised

Microsoft (thankfully) moved quickly, and released a LOT of information, much of it confusing, with many incorrect links. It took our team some time to weed through the chaff and get the actionable tasks from it. The patches are out now, thankfully. It might take your IT folks 4 or 5 hours to install them, and yes, it’s Exchange/email downtime to get them there.

What’s the answer?  I’d say “defense in depth”:

Here are 5 steps you can take to mitigate the potential damage of the Microsoft Exchange Server attack:

  1. Patching – Patch publicly exposed servers quickly and completely.
  2. Zero Trust – Once your servers are built, and before they are exposed to the internet, lock them down! Malware protection can help, but Zero Trust is the ultimate malware protection!
  3. Cyber Insurance – Offload the risk to the insurance company.
  4. Migration – Move the service to a more agile company. Microsoft Office 365 was not vulnerable to this exploit.
  5. Backups –  Enough said.

These 5 steps can be takeaway lessons even for those unaffected by this security breach. Cloud computing costs are decreasing, which makes cybersecurity more available by making it more affordable. Talk to our IT specialists to learn more about how cloud technology can protect your business.

 


3 Signs It’s Time For a Server Upgrade


Is Your Server Seeing Stars?

Sometimes called a “super computer” or simply a “computer bigger than yours,” a server is a technological infrastructure that hosts a shared resource pool. Servers become more complicated as small businesses grow and require multiple pieces of hardware to support company software. A multi-site company might have multiple servers at each location to support various types of users, devices, and software interactions. Many of us never physically see the servers that support our personal devices, yet our data is available across phones, laptops, tablets, and desktops. Unfortunately, old servers put our data at risk. Is it time to take a good look at a server upgrade?


Sign #1: The Word “Outdated” Comes to Mind When You Think About Your Server

A timely server upgrade can increase profitability by giving you a competitive edge since a server upgrade is most often a “profit now, profit later” occasion. For example, Section 179 allows business owners to upgrade technology and write off purchases. Business growth is challenging, and investments can be risky, and there are programs in place that acknowledge and assist with this reality. Like you might replace an old furnace or broken window when the timing is right for tax deductions, you might replace old technology when your CFO or accountant sees an opportunity to take advantage of a tax break.

Sign #2: You Find Yourself Questioning the Security of Your Data

A handful of “S” words haunt the security issue, with servers as the first serve. When looking for signs of server insecurity, also inspect system assessment history, speed issues, storage requirements, and sensitivity of information handling.

Is your current server architecture safe from hackers? Ransomware is becoming an amateur hacker’s play now that Cybercrime as a Service is becoming a popular business exchange on the Dark Web. SaaS (Software as a Service) and BYOD (Bring Your Own Device) cultures increase the risk as they both allow more complex interactions with your network.

How much of your data is sensitive, and can your servers keep up with compliance regulations? If your office handles medical information, you’ll need technology solutions that comply with HIPAA. The acronyms of compliance are often industry-specific notations that change yearly to adapt to new threats.

Backup management and documentation strategies need to be supported by a network that can process information swiftly and without risk of data loss. Storage needs increase as devices become more interactive, and physical servers don’t offer the same flexibility as virtualized servers, so this is also something to take into consideration as you question data security. No room in the server means no data saved for your future. Inadequate or improper data storage can become a costly mistake that can lead to significant strain on your budget.

Sign #3: You Worry About Stability & Know a Server Upgrade Could Help

If you have a physical server to maintain, you know the burdens of cooling costs, fire alarms, and on-site security systems. Your server room is vulnerable to both physical and virtual attacks. Business owners rarely have time to analyze every file created, and every company click needs to be protected from malware and other threats. Ask yourself a few questions to see how much you know about the stability and accessibility of your backups:

  • How do you archive company information?
  • What are the greatest risks to your servers?
  • If you need to upgrade your technology every 5 – 10 years, when will your servers need to be replaced so that you can stay competitive amid advancements?
  • How long would it take to migrate your data to another physical server? Would it be more efficient to migrate data to the cloud? Is your data already somewhere in the cloud?

Now Is the Time To Take a Closer Look at Your Server

Unfortunately, on-premise servers fail, and routine assessments are necessary. EstesGroup can help. Our IT specialists are here 24/7 to provide recommendations for IT infrastructure, maintenance, testing, & more.


On-Premise vs. Hosted vs. SaaS


Which is right for your business? On-Premise, Hosted or SaaS?

Technology changes at such a rapid pace that it can be hard to keep up. Today we are going to dive into the key differences of on-premise vs. hosted vs. SaaS (software as a service) and provide some reference points to help you decide which option aligns best with your business.

On-Premise, Hosted, Cloud & SaaS Definitions

On-Premise Solutions

The best place to start is with a quick history lesson. Most businesses have some form of IT infrastructure that allows them to operate efficiently and effectively. The traditional method that many businesses begin with is on-premise. In today’s world, on-prem deployment is considered a legacy approach. A legacy approach is not always wrong, as an on-premise solution does have its benefits.

Benefits of On-Premise Solutions

  • Increased security since control is held locally.
  • Performance can be important to users who have slower internet speeds, and some software occasionally requires local installs for best performance.
  • On-premise software usually carries more features due to development cycles.

Weaknesses of On-Premise Solutions

  • Infrastructure: Average server life span is around 5 years and can be shorter depending on growth.
  • Cost: Considered a CapEx expense and can be more expensive than SaaS counterparts.
  • Security: Endpoints, backups, patch management, etc. all need to be considered.
  • Future proofing: Many servers are more expensive upfront than required to account for future growth. If this is not applied correctly during initial purchase, it can lead to increases in long-term spending.
  • Remote access: Unless originally configured, users outside the office (remote workforces) will have a hard time accessing required resources.
  • Performance degradation: Over the course of time, hardware breaks down and will need to be replaced.

Hosted & SaaS Solutions

This is the future of where most businesses are heading. Hosted solutions generally come in two forms: hardware and software. A hosted server is very similar to on-premise, as the main difference comes from the server’s physical location. This generally means that you get the same benefits as the on-premise solution but with far fewer of the weaknesses. SaaS generally refers to software that does not require you to run the underlying infrastructure, but it does not always have the same features.

Benefits of Hosting & SaaS

  • Time to deploy: SaaS-based solutions can be deployed almost immediately in most cases.
  • Expense: Upfront costs are low for SaaS.
  • Minimal Infrastructure: With SaaS solutions, hardware requirements are generally taken on by the company offering the SaaS solution. Hosted has the benefit of being able to right-size resources for the organization with the ability to scale on demand.
  • Flexibility: With both SaaS & hosted solutions, you can increase or decrease resources on the fly.
  • Security: Backups and updates are generally applied by the provider. This is not always the case and requires additional costs depending on the vendor.
  • Performance: Both solutions scale and are not affected by hardware degradation, as the underlying hardware is upgraded by either the data center or the SaaS vendor.

Weaknesses of Hosting & SaaS

  • Internet connection: Both solutions require decent bandwidth at location in order to function.
  • Transparency: Data storage with SaaS solution is beyond the control of the business owner. Hosted solutions will disclose where data is being stored.
  • Long-term costs: Upfront costs are generally lower and moved into an operating cost structure which can be higher, especially if on-prem hardware is owned.

Examples of Deployment Options

Scenario 1 – Startup / Small Engineering Consultancy

A small business with 5 people, you have 3 people working in one location, and 2 employees working remotely. You have minimal overhead, and you are expecting to grow quickly, so you need flexible and scalable systems.

What your key systems might look like:

[Figure: Large Corporate Business Systems]

In this example, a hosted, lightweight solution is totally appropriate. It allows you to focus on the business and not have to worry about managing an IT environment. New users can be added in minutes and can access information from anywhere with no specific hardware requirements other than an internet connection.

Scenario 2 – Established Mid-Size Engineering Consultancy

A mid-sized business with 50 people, you have 20 people working at one office location and users scattered throughout the states with no aspirations of any other offices at this stage. You have an established client base you work for and provide some specialist engineering design services which require some specific CAD software.

What your key systems might look like:

[Figure: Key Small Business Systems]

In this example, you probably have an existing investment in infrastructure and are probably already running a Windows network. You are probably also running an intranet and have appropriate network storage and data backup facilities. You have your own or regular IT support so you can manage your own environment. In this case, you may prefer the software to be installed on your network so you can control it. Hosting is less of a benefit for you, but you may still choose this option for convenience if your current environment is not appropriate for the software due to age or if it is already running at maximum capacity. Over the next few years, we will see a lot of businesses in this space start to run a hybrid model of on-premise and hosted software solutions.

Scenario 3 – Large International Corporate

As part of a global engineering consultancy, your systems are dictated by your owners. They are designed by an internal IT team to fit in with rules and processes as established by an internal governance team. They are very rigid and highly controlled, and most of your systems are on-premise where you have a team of internal IT technicians maintaining them.

What your key systems might look like:

[Figure: Midsize Business Systems]

In this example, the environment and the software are governed by internal policies. These are not agile systems, and they require a large investment in infrastructure. A massive amount of time and effort goes into establishing and maintaining these systems. Eventually, large corporates will start moving towards more agile hosted solutions.

EstesGroup understands that not every business operates in the same manner. Some businesses require on-prem solutions while other businesses might be able to increase efficiency and reduce costs by moving to a hosted or SaaS-based solution.

If you are interested in finding out how you can make technology work better for your business, including which solution would fit best, we would love to help by setting up a 100% free business technology assessment. If you have any questions or are interested in finding out how to make your business technology operate better, please email Chris Koplar at [email protected] or call 760-216-3452.

IT & Managed Services vs. Healthcare


Managed Services vs. Healthcare: Similar Strategies, Similar Outcomes

I would like to start with a little self-reflection. If we are all honest with ourselves, we’d admit that no one enjoys purchasing or paying for health insurance. The process is cumbersome. There are a ton of options when it comes to purchasing health insurance, so how do I know which is the best option for myself or my family? Finally, health insurance is not exactly cheap. Most if not all of us have run into these hurdles looking at health insurance, and many of us have weighed the risk of not having insurance vs. the cost. Health insurance is investing in financial security for the unknown, and it’s shocking how closely this relates to IT and MSP services.

Business owners can view IT services in the same light as healthcare investments, and similar questions arise:

Managed IT Services vs. Healthcare Services
  • What are the associated costs? Is this cost prohibitive?
  • With so many options, how do I choose?
  • What is the risk if I do nothing?

The truth is that IT services very closely mimic health care.

Having a good MSP (Managed Service Provider) provide these critical services very much aligns with preventive health care. Going to the doctor for a routine annual checkup can head off a lot of health issues just like having an MSP can prevent a lot of IT issues. This includes hardware failure, data loss, and security issues that if left unattended would lead to larger problems down the road.

 

Critical IT services quickly justify the cost today by reducing the risk tomorrow.

Finally, IT and MSP services are critical to minimizing and reducing risk. IT services might not always be cheap, but the alternatives can be even more costly to business owners. Let’s consider this in the managed services vs. healthcare paradigm: you might not care to pay for the health insurance that covers lab panels or medications that you can currently live without, but if you ever need the tests and the treatments, enrolling in the healthcare plan today will lower your future costs and risks.

 

  • 93% of companies without Disaster Recovery that suffer a major data disaster are out of business within one year.
  • Downtime can be extremely expensive and range anywhere from $926 to $17,244 per minute.
  • On average, businesses lose over $100,000 per ransomware incident, including downtime and recovery costs.

A Managed Services vs. Healthcare Comparison Reveals Your Need for IT Expertise

Business owners who take IT seriously understand that the benefits outweigh the costs by leaps and bounds. 96% of businesses that have IT and MSP services in place, including BDR plans, are able to survive ransomware and fully recover operations. IT solutions and application hosting solutions can be expensive and require specialized knowledge. This is similar to choosing a specialized physician for a specific service. If you need heart surgery, you see a cardiologist. Similarly, if you need cybersecurity, you visit an IT security specialist.

 

An IT Health Check First Appointment

Here at EstesGroup, we strive to make IT solutions simple for customers. Not only do we monitor the health of your business technology and provide the solution when something does go wrong, we also keep solutions affordable because we understand that not every business can afford or needs the same amount of coverage.

 

Imagine being able to visit a doctor and have an annual physical and have all the diagnostics to see your overall health — but at completely no cost. EstesGroup provides such a service, but instead of for your body, it is completed for your business, which is just as important. If you are interested in a free business technical assessment so you can get a handle on the health of your network, see your security risks, and get healthful recommendations, please email me at [email protected].

 


Cyber Verify “A” Risk Assurance Rating


The MSPAlliance Cyber Verify rating gives customers of cloud & managed services the assurance their provider is using the most current cyber security practices.

 

EstesGroup Receives Cyber Verify “A” Risk Assurance Rating

Loveland, Colorado – EstesGroup has received the MSPAlliance® Cyber Verify™ Risk Assurance Rating for Managed Services and Cloud Providers. Cyber Verify is designed to provide consumers greater transparency and assurance when it comes to the cyber security practices of those providers.

 

Cyber Verify is based on the Unified Certification Standard™ (UCS) for Cloud and Managed Service Providers and governed by the International Association of Cloud and Managed Service Providers.

 

“Today, more than ever, the consumer needs assurance when it comes to matters of cyber security and IT risk. We are honored to award EstesGroup with the “A” Cyber Verify seal and congratulate them on their exemplary display of dedication towards providing one of the highest levels of assurance possible to the consumer. Today, very few companies in the global MSP community have achieved an “A” Cyber Verify rating, placing EstesGroup in an elite group of managed service and cloud providers world-wide.” 

Celia Weaver

President, MSPAlliance

Cyber Verify Rating System

The Cyber Verify evaluates many different aspects of a company’s service delivery, paying particular attention to security. Cyber Verify evaluates internal service delivery security practices, business continuity of the provider, cyber insurance usage, and many other characteristics which are important in the evaluation process of customers seeking out professional and secure providers.

 

Cyber Verify applies the following rating system:

  • AAA – evaluates the provider’s cyber security practices on a 3-12 month period of review
  • AA – evaluates the provider’s cyber security practices on a particular day
  • A – evaluates the provider’s cyber security practices based on a thorough and in-depth self-attestation examination

Cyber Verify must be renewed annually. The Cyber Verify is a first in the industry and specifically designed for outsourced service providers and the customers they service.

“EstesGroup is proud of our EstesCloud division’s exciting new award – the Cyber Verify “A” Risk Assurance Rating – as part of our ongoing commitment to further strengthen our posture towards cyber criminal activity. Our clients can be assured that we employ the highest standards, and we are constantly seeking new ways to tighten our safeguards.”

Bruce Grant

President & CEO, EstesGroup

ABOUT MSPALLIANCE

MSPAlliance® is a global industry association and accrediting body for the Cyber Security, Cloud Computing and Managed Services Provider (MSP) industry. MSPAlliance was established in 2000 with the objective of helping MSPs become better MSPs. Today, MSPAlliance has a robust and global reach of cloud computing and managed service provider members across the globe and works in a collaborative effort to assist its members, along with foreign and domestic governments, on creating standards, setting policies and establishing best practices. For more information, visit http://www.mspalliance.com/

ABOUT ESTESGROUP

For 17 years, EstesGroup has served as a leading technology and enterprise resource planning (ERP) solutions provider. By integrating business application consulting with managed IT services, EstesGroup helps thousands of companies reduce both costs and risks. As a trusted managed service provider (MSP), EstesGroup employs technology experts to care for comprehensive IT responsibilities across industries. This means companies can focus on the work that only they can do, while EstesCloud technology specialists service the IT requirements of the business. With ERP experts in multiple disciplines, EstesGroup also employs certified, highly skilled ERP consultants to meet the needs of companies of all sizes with application management, managed hosting, professional services, and complete ERP support. EstesGroup is headquartered in Loveland, Colorado, and employs leading IT and ERP experts throughout the United States.

ABOUT ESTESCLOUD

EstesCloud provides managed technology services that meet the unique needs of each business served. Companies across the nation depend on EstesCloud for backup and disaster recovery, compliance, business continuity planning, cybersecurity, on-premise and remote technology infrastructure, managed application hosting, and complete IT department outsourcing. EstesCloud powers on-site work and remote technology enablement, including complete virtual office infrastructure. By offering secure and cutting-edge technology through public cloud, private cloud and hybrid cloud solutions, EstesGroup brings the newest technology to startups, small businesses, midsize companies, governmental and nonprofit organizations, and large manufacturing and distribution companies that depend on robust IT solutions.

 
