Why the most expensive IT advice isn’t necessarily the best IT advice
It’s clear that cybersecurity threats are an ongoing and pernicious problem for modern businesses. Indeed, the UK government’s Cyber Business Breaches Survey last year puts the average cost of a breach at £8,460 in lost data or assets (although of course in many cases this number is much higher). Clearly organisations need to take cybersecurity seriously; however, that itself does not come without cost.
There has to be a balance between on the one hand investing in sensible mitigation and on the other spending all the company’s profits based on a consultant’s promise that this is what you need to do to protect yourself.
It’s understandable to assume that protecting yourself from cybersecurity threats is going to be an expensive business, but that does not have to be the case. Indeed, there are some things you can do that will cost you nothing whilst giving you protection at the very boundary of your business to the internet.
Speak to a consultant and they’ll likely advise investing in an eye-wateringly expensive firewall and Office365 E5 licenses at £30.80 each. However, your existing firewall can be configured to restrict incoming traffic on a geographic basis. Block traffic from China and Russia, and no-one from those countries will get into your network. Of course, a motivated hacker can proxy through another country’s servers, so you might decide to only allow traffic from the UK and Ireland, for example.
Whilst this still isn’t a complete solution, it costs absolutely nothing for your business to implement, can be done on even the most inexpensive firewalls, and cuts the attack surface down to just the UK without you having to invest in any new hardware or software. This would have stopped the HAFNIUM Exchange server exploit last year in its tracks, as most of the attacks came from China.
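The difference between blocking listed countries and allowing only listed countries, as an added example that is not part of the original post. The country ranges are constructed from RFC 5737 documentation addresses, and nftables, the table name `geo_filter` and port 443 are assumptions, since the post does not name a firewall.

```python
import ipaddress

# Constructed country -> CIDR data (RFC 5737 documentation ranges).
# A real deployment would use a GeoIP feed or the firewall's country objects.
# "XX" stands for any country that is on neither list.
GEO = {
    "GB": ["192.0.2.0/25", "192.0.2.128/25"],
    "IE": ["198.51.100.0/24"],
    "CN": ["203.0.113.0/26"],
    "RU": ["203.0.113.64/26"],
    "XX": ["203.0.113.128/25"],
}

def networks(countries):
    """Merge the CIDRs of the given countries into the fewest prefixes."""
    nets = [ipaddress.ip_network(c) for cc in countries for c in GEO[cc]]
    return list(ipaddress.collapse_addresses(nets))

def decide(src, mode, countries):
    """mode='block': drop listed countries, accept everything else.
    mode='allow': accept listed countries, drop everything else."""
    listed = any(ipaddress.ip_address(src) in n for n in networks(countries))
    if mode == "block":
        return "drop" if listed else "accept"
    return "accept" if listed else "drop"

def nft_allowlist(countries, ports):
    """Render an nftables ruleset (IPv4 only): default-drop, geo allowlist."""
    elems = ", ".join(str(n) for n in networks(countries))
    dports = ", ".join(str(p) for p in ports)
    return f"""table inet geo_filter {{
  set allowed_v4 {{
    type ipv4_addr
    flags interval
    elements = {{ {elems} }}
  }}
  chain input {{
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    iifname "lo" accept
    ip saddr @allowed_v4 tcp dport {{ {dports} }} accept
  }}
}}"""

if __name__ == "__main__":
    for src in ("192.0.2.200", "203.0.113.5", "203.0.113.200"):
        print(src, decide(src, "block", ["CN", "RU"]),
              decide(src, "allow", ["GB", "IE"]))
    print(nft_allowlist(["GB", "IE"], [443]))
```

The third sample address sits in the unlisted "XX" range: the blocklist accepts it, while the allowlist drops it.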
It’s not in the interest of a consultant to recommend a simple step like this because there is no revenue in it for them nor any expensive fees that can be charged, but the right IT service provider (typically one that isn’t motivated by commission, of which more later…) will always be looking for simple, quick wins that you can introduce to improve your setup at little or no cost.
If you choose the right service provider then you could get a hosted mailbox that includes backups, enterprise-level anti-spam filtering, AV protection, attachment sandboxing and URL rewriting – all things that reduce the possibility of malicious emails getting into your business and improve your chances of recovering your mailbox if they do. However, these things are not included in the O365 standard licenses, and some of these features are not included in the Enterprise O365 licenses either, so you need to know what to ask for and who to ask, and you need to be sure that the advice you’re getting comes from a provider that takes a ‘whole of market’ view rather than being fixated on selling one or two core products.
I had an interesting conversation recently with a friend who works in a large investment house in London, and he is constantly amazed at how often badly written systems are simply thrown at users, even though they either don’t work at all, or they are so ineffective as to drag productivity through the floor. When you dig into it, it generally turns out that systems like these have been implemented within a business because an expensive consultant has come in and told the board that this is what they need.
I have blogged before about how IT suppliers are driven by commission. Office365 has made this particularly prevalent, so unscrupulous IT companies will upsell Office365 licenses wherever they can, often making businesses spend thousands of pounds a month on licenses that are simply not needed so that they can get a few hundred in commission.
What’s my point here? My point is don’t go to the big suppliers because you feel you should. Don’t take comfort in them being reassuringly expensive. Do some research, look around at who other companies use for IT provision, and more importantly whether they are happy with them. We have customers that are still with us after 21 years, and there’s a reason for that.
At Allware we are not driven by commission. In fact, when Microsoft announced their NCE (New Commerce Initiative), which I blogged about last month, we were very pleased to go to many of our customers that bought perpetual licenses with the news that their prices will not be going up at all. There is some satisfaction in saying “I told you so!”
Give us a call or drop me an email if you’d like to talk about how we might be able to help you.