These days, without IT, your organization may come to a grinding halt.

Have this realization engrained upon your brain as you make the right decisions that relate to IT.

The post Has Technology Infiltrated Your Core Business? appeared first on Foster Institute.

Depending on your IT Pro’s expertise and their roles and responsibilities at your organization, facilitate their earning their MCSE Microsoft Certified Solutions Expert level certifications in one or more: Server infrastructure, SQL Server, cloud, messaging, etc.  Additionally, there are certifications for Windows 7 and Windows 8.

For IT Pros that support your users, Microsoft even has certifications for Word, Excel, etc.

More info about Microsoft Certifications: www.microsoft.com/learning/en/us/certification-overview.aspx.

IT changes so fast that IT professionals must—continuously—update their knowledge and skills. Your business depends on it.

The post What Your IT Pro Doesn’t Know Can Hurt You appeared first on Foster Institute.

The single most important reason that “great” IT professionals still need to undergo the certification process: He or she will learn what they didn’t know that they didn’t know.

Facilitate your IT team’s obtaining certifications related to their roles in your organization. When choosing external IT companies, demand certification.

Yes, someone’s having a certification doesn’t guarantee a qualified professional. That is not an excuse for allowing uncertified people to support the life-blood of your business. Over the next few weeks you’ll find out certifications are important.

The post My Doctor Taught Himself! appeared first on Foster Institute.

Utilize outsourced IT companies that have the expertise on staff to handle the projects you want to outsource. If your business is in a rural area with few IT professional companies to choose from, then discuss with them ahead of time how you don’t intend to pay them while they increase their own knowledge to a level where they can help you.

Save money and receive better service: When you utilize services from an outsourced IT support company, then clearly define the scope of the work they are supposed to accomplish. Then, leave it up to them to provide you with a flat fee for the work. Then they are incentivized to do the best job they can and also use their time wisely.

The post Stop Paying Outsourced IT by the Hour! appeared first on Foster Institute.

First, how soon after the disaster do you need to be up and running determines your RTO: Recovery Time Objective. You may have different times for different services. As an example, if your business depends upon the Internet or email, you’ll want those services running again immediately. You may decide that you can wait 24 hours before regaining your ability to process payroll.

Second, how much data can you afford to lose in the event of a disaster? RPO stands for Recovery Point Objective. Do you need your data to be restored to the information you had backed up the night before? Or an hour before? Your RPO period may be very short for important data that, once lost, is gone forever and cannot be regenerated.

It is your responsibility to direct IT as they prepare for your desired RTO and RPO. Have them show you the price for two options. That way, you can protect yourself appropriately depending on the actual risks you face. Avoid over-insuring or under-insuring your business continuity.

The post Disaster Recovery Plan – Two Points for CEOs appeared first on Foster Institute.

Try it—you’ll see what I mean.

The post How to Cause IT to Fail appeared first on Foster Institute.

When an executive asks their own IT professionals or service providers for advice, the executive wonders if the IT professional has some kind of “agenda.”

When executives talk to their peers and get advice on technology, keep in mind that they may not fully understand how the same technology they tried can help or hurt your organization’s situation.

A qualified independent third party has no “agenda” other than to help you. Most IT professionals, and even IT vendors, appreciate your choosing to seek advice from the qualified third party since then the IT professional doesn’t feel they have to “convince” you of necessary changes.

Most of the time top-level executives have 20/20 hindsight after security event or IT failure affects an organization. I hear questions like, “Why weren’t the IT professionals prepared—why didn’t they do something to protect us from something like this from happening?” Often the executives are very angry at their IT professionals. Wise ones know to go look in the mirror to see who to blame.

The post Executives, Be in the Know! appeared first on Foster Institute.

A Distributed Denial of Service (DDoS) attack can certainly cripple your organization – at least from an IT perspective.

A Distributed Denial of Service attack works like this:

First: An attacker infects thousands of computers around the world—including home computers—via “spreading a virus.”

Second: The attacker instructs each of those thousands of computers to simultaneously create an enormous “Traffic Jam” at some location by flooding that location with data traffic.

The flood of traffic prevents all access to the Internet.

At the recent Black Hat conference, Jeff Moss—the founder of Black Hat, shared that we have to stop DDoS attacks, and attackers can launch traffic jams so huge that it is impossible to thwart the attack.

Every time we find out a way to stop DDoS attacks, attackers take their game to a higher level. There are ways to shore up defenses and the better the defense, the more expensive it is. There is no “guaranteed” protection against a DDoS attack.

Make sure your Disaster Recovery Plan and Business Continuity Plan addresses DDoS attacks against your organization. Also address the possibility of losing access to email, VoIP, Online Shopping Carts, web connections, online backup, and “the cloud” as you know.

The post One Way an Attacker Can Crash the Cloud appeared first on Foster Institute.

There is a “middle-person” known as a broker. Brokers pay the IT professional and then sell the exploit information to the highest bidder—which could be a foreign government or a terrorist organization. With pricing in the millions, you can see why IT professionals would be tempted to sell to a broker.

The “high resale value” exploits are the ones that the vendors such as Microsoft, Adobe, Google, etc. do not know about yet. These are called “Zero Day” exploits since attackers can launch attacks knowing the vendors have not yet released patches to prevent the attacks.

For more information, Forbes magazine ran two stories that you can either Google or use these links:

http://www.forbes.com/forbes/2012/0409/technology-hackers-government-security-zero-day-salesmen.html

http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/

The post Al-Qaeda Can Wage Cyber-Warfare Against You appeared first on Foster Institute.

1. First, know what is really important. Do you want to compare your organization’s security and use of best practices to what other organizations are doing? It is easy to be more secure than the norm. Or, do you want to know how your organization can get better and the pros/cons of making changes?
2. Second, be sure you know what you want as a result of your audit. Do you really want to grade your IT team and/or increase overall security at your organization? You wouldn’t criticize a heart surgeon who doesn’t know all about orthopedic surgery. Sometimes your IT pros just need a little coaching to tweak the equipment that your organization already has in place.
3. Third, knowing what metrics to measure to show IT is making constant improvement after each audit is important. If the score is the only metric used to measure IT, and then just like anyone who is getting a bad score—even in a chess match—IT will be tempted to look for ways to cheat, procrastinate, or even discredit the entire process.

Please post your comments on this blog.

The post Three ways to ensure an A+ audit grade appeared first on Foster Institute.