Your personal cyber security

There is always something in the news regarding IT security – whether it’s the horrendously scary GO Zeus or remembering to cover your PIN code at the tills, all around us we are being warned about the impact of letting our guard down. But be honest, how many of us still think – It won’t happen to me?

That includes me. Without ever wanting to admit it, my ignorance relating to IT Security plays a part in my total lack of addressing my weaknesses.
 
But these are real threats and there are huge organised groups out there, incredibly smart and devious, that are ready to take advantage of vulnerable and unsuspecting folk. There are probably a million things that you can do to protect yourself, and I sure as hell don’t know all of them – but below are some easy top tips to remember to keep you a little bit safer.
 
1. First rule – Don’t ever think ‘it won’t happen to me’. It can. Be vigilant and don’t ignore ‘strange’ things even if they seem small and insignificant at the time. If something looks suspicious, don’t ignore it.
 
2. An old favourite, but be careful when opening attachments or links in emails. If you don’t know the sender, or it looks suspicious – Don’t Click! A little known fact (and not something I am proud of) but I once opened a file from ‘DHL’ – a supplier at the time. I was lucky. My computer was contaminated with a programme that kept taking me to Wowcher or would download 100s of adverts every time I tried to do anything. Like I said, I was lucky it wasn’t something more malicious – but my computer still had to be sent away to get rebuilt and resulted in about 2 days downtime in total. And a lot of embarrassment. But imagine if that spread to the whole business…
 
3. Practice good password management. That means changing them regularly, using a good mix of characters and not using the same one on multiple sites. And don’t write them down. Thinking ‘what a nightmare’ to think of strong passwords and then remember them all? Here is a useful site to help you create memorable passwords.
 
 
4. It might sound obvious, but don’t leave your devices unattended. Your computer, tablet, phone etc – if you do have to leave them for any length of time, remember to either lock the keyboard, or lock them away. And this goes for USB sticks and flash drives – if there is something on it that’s valuable to you, then it is valuable. It takes just one opportunist to give you a complete nightmare day.
 
5. Backup Backup Backup!! My brother owns a Business Tech company, and tells me this is one of the most important things to remember. If it all goes a bit wrong and you find yourself with an empty hard drive – your files will be backed-up somewhere. But remember to do it. Mental note to self – remember to back up….
 
6. Be savvy about your browsing, and only use a device that belongs to you, and on a network you trust. Non secure networks will mean your data is vulnerable, and you will need to consider what it is you are doing. Make sure your firewalls are up to date, and if you do sign into your local Costa wifi, select it as a ‘Public’ network.
 
7. You can’t get away from Facebook, Twitter etc etc (I am not ‘with it’ enough to know all the different networks out there, but I am advised that there are many) but don’t forget that these are actually incredibly public, especially if you have not selected the right privacy settings. Therefore, be careful who you ‘link in’ with. If you don’t actually know the person / business you are connecting with, then be aware that they will now have access to a lot of personal information. Not to freak you out, but this will include where you went to school, when you are going on holiday, names of your kids …
 
8. And so to end on another old favourite – don’t ever give personal information to someone over the phone or internet unless you are 100% confident they are who they say they are. And in any case, if they are legit, you will never have to give this information out.
 
Hopefully, I haven’t completely messed you up, and this is just a reminder of what we already know. If you want to know more about how Cyber Security affects you, please contact us HERE with your query.
 
Stay safe people.
 
TER

How does a Finance Director go about budgeting for IT?

Tanya Srikandan is a Chartered Accountant, with over 10 years financial experience. Her business, Flame Financial, provides financial support and consultancy to small businesses.

In this piece, she offers some of her thoughts when considering IT budgeting, from a non techie point of view.

As a Finance Director, working predominantly with small or charitable organisations, it is my job to ensure that enough funds are allocated for ‘IT’. But what exactly is IT these days and what is the right amount?

I know that the finance department of most organisations tends to have its own ‘special’ reputation – but the truth is, we care very much about making sure the rest of the business has the right tools to do their job, that all our employees are productive and confident that their equipment will not let them down. And on those occasions where their equipment does fail – we have to make sure we can get them up and running as soon as possible – after all, employee downtime affects our profitability and our ability to compete. Like many FDs, particularly for smaller organisations, I am responsible for Business Continuity Planning (what we need to do in the event of a disaster) as well as preparing risk analyses for high impact events happening, all weighed up against costs of prevention or doing nothing.

So back to my first question – what is IT?

What should we be considering when setting the annual budget? The industry is moving so quickly, and some of us (including me) are in danger of being left behind, as a result of the fear of the unknown and therefore not investing in the right technology. And this will have a huge impact on our organisations. There are two issues I think most Finance teams have fallen foul of in the past – firstly, not discussing requirements with the IT department, or IT services provider and secondly, considering IT expenditure in terms of the current year only.

IT is so critical to businesses these days, not only to stay ahead of the competition, but to be aligned with the needs of our customers. IT should not just be viewed as necessary for the day to day, but as a real investment into the future of your organisation. However, without speaking to the ultimate users of the technology (your employees and clients) and the experts (your IT team), you won’t be able to make a robust and well thought out decision as to what you need.

There are three categories of IT – Operational, Investment and Strategic. Let me explain my understanding of the different categories.

Operational – These are your day to day IT needs, such as tech support, licences, server maintenance, software upgrades and critical events.

Investment – This is where you would be introducing new initiatives, or improvements to existing kit or software, including your website, better firewalls and the like.

Strategic – Looking at a longer term scenario, this would include new technologies, fundamental changes to business processes or completely new systems.

The annual budget process of course forms part of the larger business strategy process – so ideally you will already be communicating with your operational leaders regarding their budgets and what they will need for the coming few years. As part of this process, you should be speaking to your IT team to determine improvements and efficiencies that can be made – but more importantly, their view as to what should be budgeted for the above.

Operational

Operational IT requirements, for example, are critical for running your business. You should avoid cutting costs here, particularly if you are experiencing trading or operating difficulties. The last thing a distressed business needs is for its IT to fail. So, within this category I would throw in server maintenance and replacement, key software upgrades and administration of your IT systems – such as your IT support.

Investment

I would classify these costs as those which improve your existing technology and equipment. So not critical in the same way as Operational requirements, but vital for the longevity of your organisation. If cash is tight, or if finance is required elsewhere within the business, these items could be deferred to a future period, without materially impacting the health of the business. However, likewise, if your business does have some spare funds, these initiatives could equally start sooner than originally intended.

Strategic

So, today these costs may not seem essential, and are therefore quite likely a good candidate if savings need to be made. However, by virtue of what they are, they are likely to be tied into the strategic objectives of your business. Therefore be mindful that if these have to be cut now – you don’t lose sight of them.

Now, the fun part. How much is the right amount to budget?

In order to ensure that your business is best placed to operate within its market place competitively and efficiently, getting the right cost split between these categories is important. Ideally, you will be in a position to allocate funds to all three, but this is not always going to be possible. Warning! Don’t continually cut out your Strategic costs as an easy option to save on your budget – your organisation needs these, otherwise it will be left behind.

Okay, so I know, a lot of this is easier said than done, particularly if you are a small business or a not for profit organisation, and you do not have an abundance of funds. The most important piece of advice I can leave you with? Set aside cash whenever funds allow, to enable you to execute future IT initiatives, including budget not spent. These reserves can also be used in the event of a serious failure of your technology. As a small business, the last thing you need is to be stuck. Ensuring you have sufficient budget allocated to operational / day to day costs, should be high up on your list.

£60 per person per month is considered sufficient to cover all your operational, and therefore critical needs. This should represent around 60% of your total IT spend (funds allowing) with 20-30% put aside for Investment, and 10-20% for Strategic spend. In total, this equates to £1,200 per annum per employee, and for a business with 35 employees, this totals £42,000. For a small business this could feel expensive, especially as IT is sometimes considered as an intangible benefit and simply a cost.

However, if you consider an average office salary in London of £25k, this equates to less than 5% of their annual cost. But now consider what happens when, for example, as a result of failing to upgrade or improve critical software, your member of staff was out of action for 1 or more days. This equates to £100 plus per day, not including the cost of lost business. Should your server fail, for a business with 35 users, this now reaches £3,500 per day.

I know from experience, that another by-product of suffering a failure in your equipment, is the resultant workload from trying to ‘catch up’, as well as affecting staff morale, particularly if this is a regular occurrence. Last minute or panic IT purchases also tend to be more expensive. And let’s not forget the impact on your industry – you are now operating at a capacity lower than your competitors.

I mentioned earlier, that if you have to save costs somewhere in your IT budget, look at your Investment and Strategic costs first. Your business can survive a small nip and tuck here, for a year or so. But don’t lose sight of these areas. Please do look at other areas of your business first – and identify where savings can be met elsewhere. For example, what about your marketing budget (or is there scope for some Investment funding to be included here?), or your office maintenance and cleaning contracts – when were these last reviewed? New technology, faster and better hardware, more sophisticated software and the like – is out there and available to everyone, including your competitors …

Woah, too much too soon?

If this is not something you have really thought about before, don’t panic! Now is as good a time as any to start. Take a moment to chat with your managers, and your IT team – and find out what you really need and how you can take advantage of what is out there, in order to achieve your objectives. Don’t forget, your closest competitor is already doing it!

If you need some financial advice regarding your organisation’s budget or some further information on what is your optimal IT spend, please get in touch.