You may love your doctor, but that doesn't mean you shouldn't seek a second opinion when a condition develops that is out of the ordinary. The same applies to your business technologies and IT operations, whether you're a government contractor or nonprofit. Like medical tests, the results of a checkup can reveal hidden problems that could pose bigger problems later - as one company found out.
What You Don't Know May Cost You
A Maryland company learned the value of a second opinion when it came time to consider a new server. The organization was using a Managed IT Services Provider (MSP) with whom they were happy. There had been no IT disruptions. The IT engineer came to their office every two weeks. But given the cost of a new server, the company thought it prudent to have another provider weigh in. After all, the executive team had no idea what it cost to buy and set up a server, whether it could be put off, and whether there were less expensive alternatives, so they asked a second MSP to assess the state of their network.
What a Network Assessment Revealed
"MSP-2’s" Network Assessment uncovered the following:
- One of the hard drives in a key server was displaying a red light. The hard drive was bad. If just one more drive failed, they would lose all of the data on that server. The hard drive had to be replaced immediately.
- The firm was planning to move its billing system to the cloud, but the current version of the billing software was not cloud-enabled.
- The company had a current firewall in place, but their current MSP had failed to enable any security services on it. In essence, it was like simply closing a front door without locking it.
- The firm had a wireless access point in their lobby set up for guests that was plugged directly into the wall. This provided direct access to their servers and files. Because the Wi-Fi name was XXXX-Guest, they thought it only granted Internet access, was segmented from the network and thus, secure. Not so.
- The company had backups, but the server was set to back up every four hours. Given the type of data they stored, this was insufficient. The frequency was changed to hourly.
- MSP-1 had their alerts sent to an email address of alerts@XXXXXX.com. The only problem: there was no mailbox with that name, so alerts were not being received.
- Although the servers were protected by Uninterruptable Power Supplies (UPS), the batteries in the units were 10 years old. The manufacturer recommends that they be replaced every 3-5 years to be effective if/when they are needed.
The value of a proactive assessment for federal contractors and nonprofits
No MSP is perfect, but the number and severity of issues cited here put this company in jeopardy. A periodic assessment of your network and security is a small price to pay to avoid a “near miss”. This applies to every company, but has special implications for federal contractors subject to NIST, HIPAA, PCI-DSS, Data Privacy and other compliance regulations. Nonprofits are subject to analysis by organizations that rate their transparency and performance.
When was the last time you had an IT engineer look under the hood of your IT network? It’s a lot faster and less costly to fix the engine before it sputters to a halt - as our client found out. Find out how to save money or avert hidden problems with an IT Network Assessment, and register for a Free Security Screening.