October 28 2016

The single most important step to lower your 2017 Network Security Budget 08:30 am

Saving thousands, even tens of thousands, on your Information Technology (or IT security) budget in 2017 is possible. The suggestions below show that outstanding information security results are possible independent of large security budgets or specialized security consultants. Our customers, representing hundreds of PC users, have consistently and methodically lowered their security incident count and the severity of security breaches over the last 24 months. Recently we celebrated the last 6 months, in which we had only 1 client with only 1 virus on only 1 computer. (This was back in May and we hope that client never does this again, as it will mess up everyone’s stats!) This update will show how a manager or executive can hold a technical team accountable for great results and control a security budget. It will also identify how a technical team can institute specific security actions that together dramatically lower the risk profile.

Before outlining the steps and methodology of how this works let us offer proof that outstanding results are possible.  Our validation comes from a comparison of PCIT’s clients to a survey of 540 Canadian and worldwide organizations by the Osterman Group.  In this survey 72% of the Canadian organizations experienced a security attack within 12 months while 60% of PCIT’s clients experienced the same.  However, what happened after the incident was even more striking.  The survey reports 63% of those attacked experienced severe downtime of over 9 hours.  None of PCIT’s clients experienced severe downtime.  Most telling is that the survey respondents appear to have a significantly higher budget on digital security and even dedicated security resources.

The most effective method to improve security results is surprisingly low cost. This #1 tool is not a special antivirus software, next generation firewall, two-factor authentication, biometrics, independent network penetration testing, or other esoteric approach. PCIT sees the most effectiveness in network security simply by measuring incident rates of a single network and then comparing those results to a peer group. As PCIT delivers IT services for many clients across the Peace River region this has become an easy process. First, every virus, data breach or malware incident is recorded. Next, we track how many of these occur each month for each client. Last, we compare that client’s results with our entire client base. A sample table is below.

Operational Results Summary

The table below is an excerpt of key service delivery area metrics that PCIT tracks on a regular basis.

[Image: security incidences table]

This methodology is so powerful because it provides owners or executives responsible for IT security with actionable data that they can relate to. If they have more malware than their peers, it becomes clearer to a non-technical person that a change needs to be made. If the IT resource can then pinpoint where the differences are between them and their peers, approving a specific action to get better results becomes a lot more justifiable.
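The record, count and compare steps described above, as an added Python example that is not PCIT's own tooling. The client names, seat counts and incident rows are constructed, and normalising by seat count and leaving each client out of its own peer baseline are assumptions the page does not state.

```python
from collections import Counter

# Constructed sample incident log: (client, month, incident type).
INCIDENTS = [
    ("client_a", "2016-05", "virus"),
    ("client_b", "2016-05", "malware"),
    ("client_b", "2016-06", "malware"),
    ("client_b", "2016-06", "data breach"),
    ("client_c", "2016-06", "virus"),
]
# Constructed seat counts; normalising by seats is an assumption, not from the page.
SEATS = {"client_a": 40, "client_b": 25, "client_c": 120, "client_d": 60}
MONTHS = ["2016-04", "2016-05", "2016-06"]


def monthly_counts(incidents, clients, months):
    """Incidents per client per month, with explicit zeros for quiet months."""
    counts = Counter((client, month) for client, month, _ in incidents)
    return {c: {m: counts[(c, m)] for m in months} for c in clients}


def benchmark(incidents, seats, months, per=100):
    """Compare each client's monthly incident rate per `per` seats with its peers.

    The peer rate is leave-one-out (all other clients pooled), so one noisy
    client cannot hide inside its own baseline.
    """
    totals = {c: sum(by_month.values())
              for c, by_month in monthly_counts(incidents, seats, months).items()}
    all_incidents, all_seats = sum(totals.values()), sum(seats.values())
    report = {}
    for client, n_seats in seats.items():
        rate = per * totals[client] / (n_seats * len(months))
        peer_seats = all_seats - n_seats
        # With a single client there is no peer group to compare against.
        peer = (per * (all_incidents - totals[client]) / (peer_seats * len(months))
                if peer_seats else None)
        report[client] = {"rate": round(rate, 2),
                          "peer_rate": None if peer is None else round(peer, 2),
                          "above_peers": peer is not None and rate > peer}
    return report


if __name__ == "__main__":
    for client, row in benchmark(INCIDENTS, SEATS, MONTHS).items():
        print(client, row)
```

A client flagged `above_peers` is the one whose practices are worth comparing line by line against the rest of the group.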

The dynamics of this approach are hard to communicate in a short paragraph. What we have seen is that while the severity and sophistication of security incidents reported in the news has increased over the last 24 months, our clients have methodically lowered their risk profile. Many have experienced this without increasing IT security spending by even $1. What comparing results to peers and bringing open accountability has done is create a culture of security awareness and accountability across many organizations and industries. It is this culture and user action that has been the biggest ‘second order’ effect of sharing security results in this manner.

Over the last 24 months we have helped various organizations eliminate or greatly reduce the effect of malware, viruses, and data breaches in their environment.  Our clients have seen these results with relatively modest network security budgets.  We conclude great, even outstanding, network security is possible independent of large capital spending or dedicated IT security specialists.

We would be pleased to release at no charge or obligation our best practices related to network security for any interested party.

August 5 2016

Congratulations PCIT Clients in Defying the Odds 09:59 am

As CEO of PCIT I would like to extend a heartfelt thanks to our clients who have worked with us over the last 12 months to protect their data and digital resources. Together we have defied the odds and won against a host of hackers in a big way. Comparing a recent global survey by the Osterman Group with PCIT’s operational results, we find our clients had significantly less malware, less downtime from malware and never paid a dime to get their data restored. According to the survey of over 540 global companies, Canadians PAID the ransom 82% of the time and approximately 1/3 of those surveyed were forced into this situation.

If our customers had not been so proactive in educating their staff and promoting a security conscious approach we would have never gotten this far.  In the summer of 2015 our message to clients was ‘Information Technology could NOT control the security of their data and their network without everyone’s participation and ownership of this concern’.  At that point many of our clients had invested in best in class technology but were also open to taking the next step.  Together we had great results.  If we were keeping score for 2015 it would look something like this.

| | Typical Canadian organization surveyed | PCIT Customers |
|---|---|---|
| Profile | 5,400 staff + a CIO, IT Director or Chief Information Security Officer + lots of internal IT staff, respondents across Canada | 250 or less staff, mostly have PCIT as 100% IT resource, a few cases where PCIT is responsible for operational results and works alongside -1 full time internal staff, Peace River region focused |
| Suffered security attack last 12 months | 72% | 60% |
| Percent who lost data due to ransomware and PAID between $1,000 – $50,000 to get it back | 72% | 0% |
| Percent who lost data when they refused to pay the ransom | 82% | 0% |
| Severe downtime – it took more than a day trying to restore endpoint functionality | 63% | 0% |
| More than 9 hours to remediate | 60% | 0%* |
| Upper management and C-Level executives are at higher risk | 8% target C-suite, 22% target managers | Typical Canadian organization results seem very similar – don’t have hard data |
| High Risk | 43% lost revenue, 25% stopped operations | Data not available – would estimate the actual results were much much lower |
| Confident they can stop security issues (after all they have lots of ‘smart people’ on staff, and likely someone solely in charge of security) | 51% | ? I really doubt most of our clients are that confident. Guessing results would come in under 20% as being confident they can stop security issues. Most would probably have an internal resource if they felt they could afford it and find one. However, these results are starting to speak for themselves. |

*PCIT did have a remediation that took more than 9 hours in 2014 but it was just after C-level management requested we remove one of our recent security best practices as it ‘was frustrating the staff’.  Less than 2 weeks later 3 million files were erased after a C-level executive experienced a security breach.  Subsequent to that the security best practice was re-engaged and has remained ever since.

Results are based on an international study released in August 2016 of over 540 organizations worldwide. Canadian specific results were also discussed in this Digital Journal article.

To me these results stress a couple of points. First, we have great clients who have been diligent in working with PCIT in this regard. Very few push back and ask us to own the security results when we say we need everyone’s help. Second, our ‘secret sauce’ appears to be working. In early 2015 we began benchmarking PCIT’s security results across our entire client base and comparing them to individual customers’ results. In this manner we could very clearly identify when our clients were hindering or helping the protection of their data and their operations.

Finally, I believe a deep analysis of the above table completely and totally disproves the fallacy that having an in-house resource is the best way to support IT. The facts appear to show that, no matter how smart, how helpful, how well trained, and how well intentioned internal resources are, most Canadian organizations have NO IDEA how large their security exposure is.

I can actually picture the conversation in most boardrooms as being sympathetic to internal IT resources after having to pay a $20,000 ransom like the University of Calgary just did. Executives who do not know how to manage IT try to get results by hiring, providing budget and gauging results by how well they ‘feel’ about the work that is being done. To most managers, having to pay a ransom can be excused because the bad guys are ‘really really bad’ and they just know their ‘guy(s)’ or ‘gal(s)’ are good. Results seem to speak otherwise.

If there are organizations who want to manage technology results by more than a ‘feeling’ we would love to discuss if our approach would be a fit.

July 21 2016

Get $2 Back for every Dollar Spent – in under 5 months 02:35 pm

In the final 4 months before 2016 ends here are some practical suggestions to get $2 back for every $1 spent.

Lower Operating Expense by $1-4,000 per month with Autoworked

PCIT has a new service called Autoworked that can eliminate hundreds of hours of computer input via automation technology.  It is very exciting for several customers.  The biggest barrier to date has been educating potential customers that there is a very new and creative method to doing common work most never considered possible to automate.  Organizations with 3 or more staff involved in accounting related work can typically free up the equivalent of 1 full time staff member.  It may sound harsh but manual data entry into accounting systems is on the way to being eliminated.

Leverage proven technology related methodology

Let me give a real example we ran across just last week. A junior energy company asked us to move one of their branch offices in northern Alberta. In the process we found 3 bottlenecks to productivity that were virtually invisible but pervasive. The local area manager had a folder in Outlook filled with IT related emails about some changes he needed. Multiplied by several other area managers across Canada, this energy company was losing TIME from some of their most valuable resources. In this case the resource was a productive, experienced area manager. What he was dealing with wasn’t downtime or poor support. Instead the company had good quality network gear, a great remote connection technology and a solid Virtual Private Network (VPN).

We told the area manager he was losing hours because the design was dated and inefficient for both field users and administrators. It was also missing redundancy at key points of failure, further increasing the productive time lost.

The net result from all of this was that a small investment of $10k per site was going to immediately stop this area manager’s inbox from being filled with IT related issues. The value he could generate with the time savings was way past the $10k spend. What was needed was an approach that was accountable to the uptime delivered. An approach that also took some effort to measure productivity versus an acceptable standard would be even better. What the client had instead were great technical contacts who were ‘doing their job’ very efficiently. To them the standard being delivered was fine. To an outsider, technology was being supported but it wasn’t being leveraged. An easy payback of $2 for every $1 invested within 4 months was possible.

Leverage Automated Invoicing Technology

Because PCIT has shown potential customers how to eliminate hundreds of hours of data entry, we have had several contacts ask us if we can automate field related ticket entry into their invoicing system as well. What we’ve found so far is that the ideal solutions are industry specific. If the reader happens to be in the construction or Oilfield Services industry they may want to discuss our findings to date. There are some proven tools out there that could deliver a payback very quickly.

April 8 2016

Fun Time with 200 others and Brad Sugars 08:05 am

Anyone who ever gets a chance to attend one of Brad Sugars’ seminars on wealth will probably find it informative, helpful and fun. Thanks to ATB Financial, and Tiffany, our banker there, for the invite.

Brad covered some valuable financial topics such as saving for investing, lowering consumption for investing, business investing and real estate investing. I found his thoughts on business valuation and purchase approaches to be very insightful. Speaking to me as a total real estate non-investor, he also made a very realistic and compelling case for using debt financing wisely. His view that real estate is not a great return, but that via rental and debt financing it is easy and possible, was a great perspective. I can’t wait to go through a few of his books.

Brad also mentioned that his general principle is to never, as an owner, invest in training his staff. He made the statement to always have professionals train them. Very interesting, and this looks like an initiative PCIT will need to explore further.

The content was a little crude but was delivered with a good sense of humour. I am not sure if having my children at his seminars, as Brad recommended, would be my first choice. They may get the impression his communication style is a good one.

[Photo after seminar: Brad Sugars and Darren]

April 5 2016

Coolest Tool Seen this Year 04:50 pm

Does anyone really need a robot to help attend remote meetings? At first I was skeptical. Our Network Engineers said that our client had ordered one because they saw it in action at their corporate Head Office. Next it showed up at our client’s office. The engineers came back and said it was very cool. I was still unsure.

A couple of weeks later we had a meeting scheduled to try and offer some insight regarding collaboration platforms. As we were onsite waiting for our scheduled meeting, in came Carmen. Actually Carmen was in Fort St John, but in came the robot with Carmen on the screen. She saw us first and said something like ‘Oh Hi, I guess I’m a little early’. Next she drove the robot, with her face on the screen, through the boardroom door, around the boardroom and took her place across the table from us. The whole time Carmen was talking away and very gracious with some of our questions.

The ‘Wow’ factor was definitely happening. We continued to learn about some of the features and were introduced to how she uses this very cool robot called a Beam. For a good video try this review.

The most memorable part of the meeting for me came a little later. Carmen leaned into her webcam part way through the meeting and turned the Beam a little bit to look at and engage with a co-worker who was sitting beside her. It was just like a human would do it. Except she was 200km away at a remote office and the robot was doing part of the motion on her behalf.

On March 7 we also heard Cisco has a very cool robot used for remote meetings and connections.  She is called the Ava 500.  A little sturdier than the Beam, and no doubt a very well designed machine.  Can’t wait to meet someone over it as well.

The Beam made a great first impression on me.  Easily the coolest tool seen so far this year.   For as low as $2,000 USD your remote offices can be connected like never before.

Cisco telepresence robot

Telepresence with robot

Beam Meeting in Action