SPAM or electronic junk mail are the worst nightmare of all email users. Most of the SPAM consist of commercial advertising and the worst out of all, virus or malware.
Most of email users spent the first few minutes of the working hour to clear out spam to make way for the real email.
What could be the problem with SPAM?
Lost of productivity:
- Spending 15 minutes each day in the office to filter out SPAM from valid email would translate to about 7 hours a month of productivity wastage at work. If you multiply this with the number of people in the company, it would be a serious problem to tackle.
Virus/Malware
- A small portion of SPAM come with a deceiving attachment which usually contain virus or malware. This will be a problem if the security software in your workstation or email server does not catch it. Virus or Malware have the potential of crippling your system or to the extend of stealing the important data from your workstation.
Phishing
- Have you ever receive an email from your local bank requesting you to click on a hyperlink to perform a task with your online account? Well, most local bank does not practice this, only the bad guys do it. Phishing email has causes the industry and people to lose million of dollars.
Bandwidth charges
- This would be a problem if you are on a limited bandwidth Internet connectivity esspecially on a mobile line. Each email including SPAM uses bandwidth to transmit to your device.
How do I get ride of SPAM?
To be frank, even the industry most best spam filter would not promise total SPAM annihilation. Anti-spam solution would help to reduce the amoun of SPAM that you will receive. Most of the anti-spam softwares are based on algorithm provided from the threat center. Each spam criteria/algorithm would have its specific point and an email would be considered as SPAM if the point reaches the threshold.
Software
Computer is dumb and it will treat every email as legitimate data. You would need to subscribe or purchase additional security software to minimize SPAM. Most of the off the shelves computer security software come together with anti-spam feature. Most probabably it will work out from the box or it might require minimal tweaking on your workstation to integrate.
Email Host
A good email host would already has an anti-spam gateway at the server level and filter out most of the SPAM before it could reach you. A very popular anti-spam software on the server level is SpamAssassin and most of the expensive security appliances are built based on it. Talk to your email hosting provider to get a more information.
Email Address
Use a unique email address username which is not a single word in the dictionary. Most spammers would launch a dictionary spam attack to your domain and hope some of it would reach your mailbox. Alexander@domain.com would be a spam magnet while Alexander.st@domain.com would be spam deterrent.
Posting Email address on public website
One of the most common way for spammers to retrieve the victim email address is to crawl the world wide web for possible email addresses to be included in their spam list. Try your best not to publish your email address on a public website and if you have to, you could include your email address as an image.
I hope the simple steps above would save you countless of time and resources battling SPAM.
Thursday, September 6, 2012
Tuesday, August 21, 2012
Help! My website got hacked
Internet security has been one of the most important component in our everyday life but most people is taking it lightly.
We have been hearing website got hacked on a daily basis but what could be the possible cause. In the recent weeks, there is a sharp increase in web site hacking cases by a group of local hackers targeting WordPress website. The victim's website would be defaced with a hacked "Hari Raya" page.
With more than 12 years experience in the web hosting industry, we see most of the hacking cases were caused by insecure and outdated source code in the website itself. This is amounting of up to almost all of website hacking causes.
Possible causes of website hacking:
1. Common Web Site framework (Wordpress, Joomla, Drupal and etc.)
- The most common website framework being used is Wordpress as it is mature, easy to use and it offer a lot of useful free plugins. On contrary on the popularity of Wordpress, it come with a big security issue. Wordpress is an open source platform which means everybody could download the code including the bad guys. This would mean that the bad guys know the in and out of your website.
2. SQL injection
- The bad guys could launch an SQL injection on your website as they know how does your website work. You need to remember that they have the codes of your website. Upon gaining access, they could deface your website and steal your data.
3. Password leak
- Do you save your password in your Internet browser? That is a very bad habit and you need to remove all of it. A virus, malware or Trojan infection on your workstation could cause your website got hacked. The bad guys will be able to retrieve all your password and launch an attack. Use a secure password, save it on the safe location and only share it with the needed person.
4. Easy to guess password
- abc123 and qwerty would be an easy password for you as well as the bad guys. Stop using easy password! Your password should have a combination of upper/lower case, number and symbols.
5. Plugins/Themes
- You have updated your Wordpress but still got hacked, what is happening? We see many cases of intrusion from the plugins and themes. Remember to update all your plugins and themes. Only install the necessary trusted plugins on your website.
6. Compromised host
- The hosting server could be compromised or have bad security policy. From our experience, this would be the last to happen as most good hosting companies secure their servers from attack unless you are getting inferior low budget services from your host. There would be more bad guys trying to hack on website level instead of server level due to the difficulty differences.
10 Simple Steps to secure your website
1. Secure and update your framework all the time whenever there is a new update
2. Choose your plugin and theme carefully. Keep it updated regularly.
3. Hire a good developer to customize and secure the website for you.
4. Inspect your web site logs to trace the possible hacking attempt.
5. Subscribe to a third party security scanning service.
6. Remember to have a local backup copy on your workstation all the time. Usually, your host will do the backup for you.
7. Monitor your Wordpress with plugins. My recommendation would be:
9. Talk with your developer or host on how to improve your website security.
10. Subscribe to Web Firewall services if the budget allow.
Are you totally safe from the bad guys now after securing your website? My answer would be NO! Government website with million of dollars security investment could be hacked so there would be no exception for yours. There is no guarantee that your website is safe from hacking but at least you have reduced the risk by making it difficult for the hacker.
We have been hearing website got hacked on a daily basis but what could be the possible cause. In the recent weeks, there is a sharp increase in web site hacking cases by a group of local hackers targeting WordPress website. The victim's website would be defaced with a hacked "Hari Raya" page.
With more than 12 years experience in the web hosting industry, we see most of the hacking cases were caused by insecure and outdated source code in the website itself. This is amounting of up to almost all of website hacking causes.
Possible causes of website hacking:
1. Common Web Site framework (Wordpress, Joomla, Drupal and etc.)
- The most common website framework being used is Wordpress as it is mature, easy to use and it offer a lot of useful free plugins. On contrary on the popularity of Wordpress, it come with a big security issue. Wordpress is an open source platform which means everybody could download the code including the bad guys. This would mean that the bad guys know the in and out of your website.
2. SQL injection
- The bad guys could launch an SQL injection on your website as they know how does your website work. You need to remember that they have the codes of your website. Upon gaining access, they could deface your website and steal your data.
3. Password leak
- Do you save your password in your Internet browser? That is a very bad habit and you need to remove all of it. A virus, malware or Trojan infection on your workstation could cause your website got hacked. The bad guys will be able to retrieve all your password and launch an attack. Use a secure password, save it on the safe location and only share it with the needed person.
4. Easy to guess password
- abc123 and qwerty would be an easy password for you as well as the bad guys. Stop using easy password! Your password should have a combination of upper/lower case, number and symbols.
5. Plugins/Themes
- You have updated your Wordpress but still got hacked, what is happening? We see many cases of intrusion from the plugins and themes. Remember to update all your plugins and themes. Only install the necessary trusted plugins on your website.
6. Compromised host
- The hosting server could be compromised or have bad security policy. From our experience, this would be the last to happen as most good hosting companies secure their servers from attack unless you are getting inferior low budget services from your host. There would be more bad guys trying to hack on website level instead of server level due to the difficulty differences.
10 Simple Steps to secure your website
1. Secure and update your framework all the time whenever there is a new update
2. Choose your plugin and theme carefully. Keep it updated regularly.
3. Hire a good developer to customize and secure the website for you.
4. Inspect your web site logs to trace the possible hacking attempt.
5. Subscribe to a third party security scanning service.
6. Remember to have a local backup copy on your workstation all the time. Usually, your host will do the backup for you.
7. Monitor your Wordpress with plugins. My recommendation would be:
- Exploit Scanner
- WordFence Security
- WordPress Sentinel
- WP Notifier
- VIP Scanner
9. Talk with your developer or host on how to improve your website security.
10. Subscribe to Web Firewall services if the budget allow.
Are you totally safe from the bad guys now after securing your website? My answer would be NO! Government website with million of dollars security investment could be hacked so there would be no exception for yours. There is no guarantee that your website is safe from hacking but at least you have reduced the risk by making it difficult for the hacker.
Wednesday, August 8, 2012
Simple steps to secure your email account
Email services with collaboration is a norm nowadays and most users keep critical data on the cloud. With this great power that you get
from your email services, it would come with a greater responsibility to
protect your account.
As a continuation from the previous topic of identity theft with domain name, the same thing could also happen when somebody hijack your email account. The hacker could cause a lot of damage if they could gain unauthorized access to your email account. Your email account could contain your password, top secret email, password retrieval email and etc. The last thing that you need is nasty emails being sent out from your email account to your contacts. Is this enough to scare you off from having an email account? You do not have to worry and delete your email account now, I will provide few simple measures that you could do to secure your email account so that you would not have to fall back to pigeon post.
With 12 years experience in the web hosting industry and numerous encounter with email account intrusion, you could follow these recipe to secure your email account:
1. Password
This is the most crucial and first line defense of your email account. A weak password is a recipe for disaster. Password such as 'abc123', 'qwerty', '123456' and etc. are too common and these are the first few combinations that a hacker will attempt. A strong password would consist of upper case, lower case, numbers and symbols. If your name is Michael and you would want a password that is easy to remember, you could try something like 'W1cH@3LM2012'. The strength of this password would definitely turn the hacker off. A good password is a strong password and easy to be remembered by you.
2. Email Service provider
Depending on your email hosting package, a good provider will enforce minimum password strength policy and having at least a brute force attack firewall to fend of unauthorized access.
3. Choosing a unique email username
david@domain.com, mary@domain.com, peter@domain.com and etc. are too common and it is based on the word from dictionary. I would recommend you to use firstname.lastname@domain.com as these words are not from a single line in the dictionary. Aside from increasing your account security, you could also reduce the amount of spam coming to your account.
4. Check your PC for virus
A badly infected machine could contain virus that is able to manipulate your email client (Outlook, Thunderbird and etc.) as well as your browser's saved passwords. Most of the time, the user would not aware that the virus is actually exploiting your email account as the process is always running on the background. A virus could be a medium in your machine to relay your account information back to the hacker or it could be a spambot which reside in your machine and turn it into a spamming gateway. Always get a qualified technician to scan your machine periodically and get a good antivirus software.
I hope these few simple steps will save you from the misery of experiencing email account exploitation.
As a continuation from the previous topic of identity theft with domain name, the same thing could also happen when somebody hijack your email account. The hacker could cause a lot of damage if they could gain unauthorized access to your email account. Your email account could contain your password, top secret email, password retrieval email and etc. The last thing that you need is nasty emails being sent out from your email account to your contacts. Is this enough to scare you off from having an email account? You do not have to worry and delete your email account now, I will provide few simple measures that you could do to secure your email account so that you would not have to fall back to pigeon post.
With 12 years experience in the web hosting industry and numerous encounter with email account intrusion, you could follow these recipe to secure your email account:
1. Password
This is the most crucial and first line defense of your email account. A weak password is a recipe for disaster. Password such as 'abc123', 'qwerty', '123456' and etc. are too common and these are the first few combinations that a hacker will attempt. A strong password would consist of upper case, lower case, numbers and symbols. If your name is Michael and you would want a password that is easy to remember, you could try something like 'W1cH@3LM2012'. The strength of this password would definitely turn the hacker off. A good password is a strong password and easy to be remembered by you.
2. Email Service provider
Depending on your email hosting package, a good provider will enforce minimum password strength policy and having at least a brute force attack firewall to fend of unauthorized access.
3. Choosing a unique email username
david@domain.com, mary@domain.com, peter@domain.com and etc. are too common and it is based on the word from dictionary. I would recommend you to use firstname.lastname@domain.com as these words are not from a single line in the dictionary. Aside from increasing your account security, you could also reduce the amount of spam coming to your account.
4. Check your PC for virus
A badly infected machine could contain virus that is able to manipulate your email client (Outlook, Thunderbird and etc.) as well as your browser's saved passwords. Most of the time, the user would not aware that the virus is actually exploiting your email account as the process is always running on the background. A virus could be a medium in your machine to relay your account information back to the hacker or it could be a spambot which reside in your machine and turn it into a spamming gateway. Always get a qualified technician to scan your machine periodically and get a good antivirus software.
I hope these few simple steps will save you from the misery of experiencing email account exploitation.
Tuesday, July 10, 2012
Samsung Galaxy
Few weeks ago, my faithful phone, HTC Desire-Z got stolen during a commotion in a restaurant. It was late at night and I could not get a replacement until the next evening. I was without my phone for almost 20 hours and life was so meaningless.
Office hour ends and it's time to shop for a new phone. I was in Digital Mall, PJ walking around for look for a replacement. Initially, I wanted to get a phone with QWERTY but the option was so limited. Phone manufacturers are not focusing in making phone with keyboard anymore. The one that caught my attention is the Droid 4 from Motorola but nobody is selling it over here.
After strolling for while and given up hope to get a keyboard Android phone, my choices boiled down to either HTC One X (RM1899), Samsung Galaxy 2 (RM1499) or Samsung Galaxy 3 (RM2199). Obviously, the Samsung Galaxy 3 is the hype and the most handsome of the lot. The 4.8" HD Super AMOLED make it stands out among the competition and it has with a quad core processor! It has 2 more cores than the notebook that I have been using for work. If the iPhone 3 is more powerful than the computers used to launch Apollo to the space, the computing power in Galaxy S3 could send the same shuttle to the far end galaxy.
To cut the story short, I ended up with a used unit of Samsung Galaxy 2 due to budget constraint. In fact, the older Samsung Galaxy 2 is not too far behind the newer Galaxy 3. It has a 4.3" Super AMOLED Plus screen and a dual core 1.2GHz processor with sleeker body design.
It got me quite a while to get comfortable with the soft keyboard. I have tried Swype which is the best soft keyboard but I still prefer to have a QWERTY keyboard. For the first few days, I was having fun navigating the gorgeous screen with tremendous level of smoothness. Then problem came, the phone hung once in a while, overheating and the battery life was so bad. The phone consume half one the juice when I was sleeping for 6 hours!
Life was so meaningless again as I thought I have gotten a lemon this time. Not giving up, I tried to troubleshoot the phone and found an official software update. It is the Ice Cream Sandwich! Ran a last backup and press the "update" button. Everything was done in about half and hour. Hooray!
I observed the phone performance for the next few days and it does not give me anymore problem. The ICS upgrade has fixed the battery life problem, overheating and the stability issue. I have not rebooted my phone for the past few weeks.
There are temptations to get the newer Galaxy 3 but it does not make a lot of difference in user experience at the moment. The Galaxy 2 is still a good all rounder. It is not a big upgrade for somebody that already has a Galaxy 2. Perhaps if you have an older phone and looking for an upgrade, the Galaxy 3 is a good upgrade. The telco company is running a lot of promotion for the S3 and you could get it as cheap as RM699 from Maxis with a 24 months lock in period.
Office hour ends and it's time to shop for a new phone. I was in Digital Mall, PJ walking around for look for a replacement. Initially, I wanted to get a phone with QWERTY but the option was so limited. Phone manufacturers are not focusing in making phone with keyboard anymore. The one that caught my attention is the Droid 4 from Motorola but nobody is selling it over here.
After strolling for while and given up hope to get a keyboard Android phone, my choices boiled down to either HTC One X (RM1899), Samsung Galaxy 2 (RM1499) or Samsung Galaxy 3 (RM2199). Obviously, the Samsung Galaxy 3 is the hype and the most handsome of the lot. The 4.8" HD Super AMOLED make it stands out among the competition and it has with a quad core processor! It has 2 more cores than the notebook that I have been using for work. If the iPhone 3 is more powerful than the computers used to launch Apollo to the space, the computing power in Galaxy S3 could send the same shuttle to the far end galaxy.
To cut the story short, I ended up with a used unit of Samsung Galaxy 2 due to budget constraint. In fact, the older Samsung Galaxy 2 is not too far behind the newer Galaxy 3. It has a 4.3" Super AMOLED Plus screen and a dual core 1.2GHz processor with sleeker body design.
It got me quite a while to get comfortable with the soft keyboard. I have tried Swype which is the best soft keyboard but I still prefer to have a QWERTY keyboard. For the first few days, I was having fun navigating the gorgeous screen with tremendous level of smoothness. Then problem came, the phone hung once in a while, overheating and the battery life was so bad. The phone consume half one the juice when I was sleeping for 6 hours!
Life was so meaningless again as I thought I have gotten a lemon this time. Not giving up, I tried to troubleshoot the phone and found an official software update. It is the Ice Cream Sandwich! Ran a last backup and press the "update" button. Everything was done in about half and hour. Hooray!
I observed the phone performance for the next few days and it does not give me anymore problem. The ICS upgrade has fixed the battery life problem, overheating and the stability issue. I have not rebooted my phone for the past few weeks.
There are temptations to get the newer Galaxy 3 but it does not make a lot of difference in user experience at the moment. The Galaxy 2 is still a good all rounder. It is not a big upgrade for somebody that already has a Galaxy 2. Perhaps if you have an older phone and looking for an upgrade, the Galaxy 3 is a good upgrade. The telco company is running a lot of promotion for the S3 and you could get it as cheap as RM699 from Maxis with a 24 months lock in period.
Wednesday, May 30, 2012
Protect your online Identity
Finger printing identification has been innovated more than a hundred of years ago to give each person a unique identity. As the innovation continues to the modern era where everybody has a hand in the virtual world, the importance of having a unique online identity is as important as having your finger print identity.
You would want your friends, acquaintance, business partners, clients and families to be able to reach you in the cyberspace all the time.
One of the way to create and protect your online identity is to register a domain name for yourself. Just like finger printing technology or even better, a domain name is unique and nobody would have the same one as yours. Some people would purchase domain name to protect their real identity, business, nickname so that nobody could steal their online identity. I am sure you would not want to have a bad write-up on your identity by somebody else that has hijacked your online identity.
Your online identity become more prominent as the day goes by as people would build a picture of your based on what they could search online. It could be your personal or business identity.
Securing a domain name is much easier and affordable now comparing with the older days. There are thousand of providers out there offering the same product with different level of service and package. Depending on your requirement, you could secure an international domain name (gTLD) which require minimal fee and processing.
If you want to secure a domain name within your locality, you would need to contact your local domain name registration provider as the process could be a bit more complicated as you would need to prove your local presence. Trust me, it would not be a rocket science. A good provider will walk you through the entire process just like a walk in the park.
You have purchased a domain name to secure your online identity, what is next? You might want to direct your domain to a website and have email account within your domain with a web hosting package. I would not discuss much on web hosting in this article as I have wrote it previously.
You would want your friends, acquaintance, business partners, clients and families to be able to reach you in the cyberspace all the time.
One of the way to create and protect your online identity is to register a domain name for yourself. Just like finger printing technology or even better, a domain name is unique and nobody would have the same one as yours. Some people would purchase domain name to protect their real identity, business, nickname so that nobody could steal their online identity. I am sure you would not want to have a bad write-up on your identity by somebody else that has hijacked your online identity.
Your online identity become more prominent as the day goes by as people would build a picture of your based on what they could search online. It could be your personal or business identity.
Securing a domain name is much easier and affordable now comparing with the older days. There are thousand of providers out there offering the same product with different level of service and package. Depending on your requirement, you could secure an international domain name (gTLD) which require minimal fee and processing.
If you want to secure a domain name within your locality, you would need to contact your local domain name registration provider as the process could be a bit more complicated as you would need to prove your local presence. Trust me, it would not be a rocket science. A good provider will walk you through the entire process just like a walk in the park.
You have purchased a domain name to secure your online identity, what is next? You might want to direct your domain to a website and have email account within your domain with a web hosting package. I would not discuss much on web hosting in this article as I have wrote it previously.
Tuesday, January 24, 2012
How running a gigantic home office is a no-no
Most of the younger generation is equipped with basic computer knowledge. I believe most of you that is reading this post would not have a problem setting up your own computer and home network, or getting help from your friend.
Most of these setup will work almost flawlessly with small amount of users. End users will be more likely to be exposed to Small Office Home Office (SOHO) technology where you can purcahase an off the shelves solution from your nearest computer shop.
However, problem will start when you try to use the same setup and solution to cater to a bigger group of people. For example, if you are starting off a company with 50 people. Whilst it will be cheap, a SOHO solution might not fit the bill in this case as the equipments that you are using at home would not be able to support the exponential increase of users.
Let's take example of a Wifi AP, the basic SOHO unit might be able to provide signal coverage for your house and few of your family members. To some people, to cover bigger space and more people would mean adding extra Wifi AP of the same type. Logically, this solution might work as you are adding more equipments to cater more users and coverage area.
However, there are few factors that most of us have left left. By adding more Wifi AP, you are adding more radio interference to your environment which might cause a lot of problem if you do not have an expert to configure it for you. On top of that, you need to consider of having a single SSID or multipe SSIDs in your environment. If you choose to have a single SSID, the configuration would be more complex as you need to choose your wifi chanel precisely to minimize interference and this also does not guarantee that you Wifi network will work flawlessly as your equipments are still subjected to external inteference such as other radio equipments from your neighbors.
Some of the more robust solution to this scenario would be deploying more powerful Wifi AP to reduce the number of equipment needed in your environment. Alternatively, you could use a solution with WLAN controller which is very robust but it come with a higher price tag.
Another example would be to streamline your workstation users. In a home environment with few users, it is easy to control the policy of each workstation manually. You still can afford to access each workstation to check the policy manually.
What if you have 50 workstations? It would be inefficient to spend few hours a day just to make sure that your users are adhering to the workstation usage policy (eg. not allow to install 3rd party software). How can you be sure that all of your workstation are free from third party software or even illegal software all the time?
You might want to consider using Active Directory in your environment to centralize the policies control for all your users. Your IT administrator could set a single policy for all or customize policy for each workstation from the server. By this way, you can be almost certain that all your workstation users are adhering to your company policy and you do not have to sweat if the authority knock at your door.
Most of these setup will work almost flawlessly with small amount of users. End users will be more likely to be exposed to Small Office Home Office (SOHO) technology where you can purcahase an off the shelves solution from your nearest computer shop.
However, problem will start when you try to use the same setup and solution to cater to a bigger group of people. For example, if you are starting off a company with 50 people. Whilst it will be cheap, a SOHO solution might not fit the bill in this case as the equipments that you are using at home would not be able to support the exponential increase of users.
Let's take example of a Wifi AP, the basic SOHO unit might be able to provide signal coverage for your house and few of your family members. To some people, to cover bigger space and more people would mean adding extra Wifi AP of the same type. Logically, this solution might work as you are adding more equipments to cater more users and coverage area.
However, there are few factors that most of us have left left. By adding more Wifi AP, you are adding more radio interference to your environment which might cause a lot of problem if you do not have an expert to configure it for you. On top of that, you need to consider of having a single SSID or multipe SSIDs in your environment. If you choose to have a single SSID, the configuration would be more complex as you need to choose your wifi chanel precisely to minimize interference and this also does not guarantee that you Wifi network will work flawlessly as your equipments are still subjected to external inteference such as other radio equipments from your neighbors.
Some of the more robust solution to this scenario would be deploying more powerful Wifi AP to reduce the number of equipment needed in your environment. Alternatively, you could use a solution with WLAN controller which is very robust but it come with a higher price tag.
Another example would be to streamline your workstation users. In a home environment with few users, it is easy to control the policy of each workstation manually. You still can afford to access each workstation to check the policy manually.
What if you have 50 workstations? It would be inefficient to spend few hours a day just to make sure that your users are adhering to the workstation usage policy (eg. not allow to install 3rd party software). How can you be sure that all of your workstation are free from third party software or even illegal software all the time?
You might want to consider using Active Directory in your environment to centralize the policies control for all your users. Your IT administrator could set a single policy for all or customize policy for each workstation from the server. By this way, you can be almost certain that all your workstation users are adhering to your company policy and you do not have to sweat if the authority knock at your door.
Wednesday, December 14, 2011
IT outsourcing: Do I save cost?
The term outsourcing refers to procuring services or products from a supplier in order to cut costs.
Why and what to outsource?
Most businesses’ core functions are supported by smaller business divisions or cost centers. For example, if you are running a manufacturing business with 50 staff, your core business would be producing your own product. The supporting arms would be the IT, human resource, administration departments, etc.
A conventional way of running a business would be keeping everything in-house which includes the supporting business division. While you are comfortable with this model, the likelihood is – it will cost more in the long run.
Outsourcing your supporting business division would save you the headache of managing it whilst enabling you to focus on your core business. An outsourcing company would usually specialise in their core business to support you.
To keep your IT operations running smoothly, you would need a fair amount of assistance. Consider the following options:
Fixing your own computer
Employees are required to fix their own computer problems. Those who are unable to do so would need help from colleagues or outsiders.
While this model saves you computer-fixing costs, the intangible cost incurred is – employees spend more time fixing their computers instead of working. If you factor in the loss of productivity due to the computer downtime, it will cost you even more.
Hiring an in-house IT specialist
While this might sound like a good idea and most organisations adopt this way, let me tell you about the disadvantages…
In a 50-strong working environment, the budget for an IT position would usually allow you to hire only one person. Additionally, you may only be able to afford somebody who is still raw in the industry as experienced IT personnel will demand higher salaries and better career paths.
In this environment, the career path for the IT specialist is limited as your core business would be manufacturing while he works in a different division. Isolated and disconnected from the crowd, the turnover for this position could be very high. As such, you may need to factor in getting a replacement and re-training.
With this model in place, you would also need to take care of training, annual leave, sick leave and other miscellaneous human resource hassles, e.g. what if this guy goes on a long medical leave?
Outsourcing
IT outsourcing companies have one focus; relieving work stress by taking care of the computer issues in your organisation. They’re experts in this department, just as you are in your core business.
While the hourly cost per man is more than that of hiring an internal IT guy, you will be surprised that it will save you more in the long run.
Human Resource
When outsourcing, it is essential to hire a good and reliable vendor, pay them well and keep tabs on their work. You do not have to worry about training, certification, staff turnover, annual leave, sick leave, etc., as the outsourcing company will cover these areas for you. Depending on the contract, the outsourcing company will provide a back-up for you if the designated engineers do not show up at work. If the staff resigns, they will find a replacement for you and train them accordingly.
Another benefit of outsourcing: You can terminate the contract with a non-performing outsourcing company easily compared to getting rid of a non-performing internal staff.
Policies
Outsourcing companies usually have a set of IT policies that can be implemented in your organisation to improve the effectiveness of your operations. For example, they have a preventive maintenance policy that can be implemented in your organisation to detect a problem even before it happens. This will reduce downtime cost due to a server or workstation failure, e.g., you need to send your car in to the workshop for servicing/preventive maintenance regularly and not just wait till a problem crops up to fix it.
Documentation
A good outsourcing company would usually provide detailed reports and documentation of your IT assets. Documentation is important if you need to appoint another vendor or IT staff to take over the job in the future.
Resources
As IT is the core business of your outsourcing company, they will have sufficient resources to get your problem fixed and provide advice on how to maximise your IT infrastructure. To help you run your “business at the speed of thought” (as Gates puts it), they can advise you on the best IT tools to employ for your organisation. Plus you can save time on testing out different tools like a lab rat!
You are working with a team
Most outsourcing companies have a team of experts to take care of your IT infrastructure instead of depending on an individual. Established outsourcing companies usually consist of junior and senior engineers, IT managers, account managers, and other experts. They work together as a team to support your business.
Savings?
With the absence of all the above-mentioned worries, you can save more on operation costs in the long run while focusing on what matters most: your core business. Any problem with your computers? Just report it to the vendor and they will take care of it for you. A good vendor is able to detect potential problems before they happen. Computer problems don’t have to be your problem, anymore!
Why and what to outsource?
Most businesses’ core functions are supported by smaller business divisions or cost centers. For example, if you are running a manufacturing business with 50 staff, your core business would be producing your own product. The supporting arms would be the IT, human resource, administration departments, etc.
A conventional way of running a business would be keeping everything in-house which includes the supporting business division. While you are comfortable with this model, the likelihood is – it will cost more in the long run.
Outsourcing your supporting business division would save you the headache of managing it whilst enabling you to focus on your core business. An outsourcing company would usually specialise in their core business to support you.
To keep your IT operations running smoothly, you would need a fair amount of assistance. Consider the following options:
Fixing your own computer
Employees are required to fix their own computer problems. Those who are unable to do so would need help from colleagues or outsiders.
While this model saves you computer-fixing costs, the intangible cost incurred is – employees spend more time fixing their computers instead of working. If you factor in the loss of productivity due to the computer downtime, it will cost you even more.
Hiring an in-house IT specialist
While this might sound like a good idea and most organisations adopt this way, let me tell you about the disadvantages…
In a 50-strong working environment, the budget for an IT position would usually allow you to hire only one person. Additionally, you may only be able to afford somebody who is still raw in the industry as experienced IT personnel will demand higher salaries and better career paths.
In this environment, the career path for the IT specialist is limited as your core business would be manufacturing while he works in a different division. Isolated and disconnected from the crowd, the turnover for this position could be very high. As such, you may need to factor in getting a replacement and re-training.
With this model in place, you would also need to take care of training, annual leave, sick leave and other miscellaneous human resource hassles, e.g. what if this guy goes on a long medical leave?
Outsourcing
IT outsourcing companies have one focus; relieving work stress by taking care of the computer issues in your organisation. They’re experts in this department, just as you are in your core business.
While the hourly cost per man is more than that of hiring an internal IT guy, you will be surprised that it will save you more in the long run.
Human Resource
When outsourcing, it is essential to hire a good and reliable vendor, pay them well and keep tabs on their work. You do not have to worry about training, certification, staff turnover, annual leave, sick leave, etc., as the outsourcing company will cover these areas for you. Depending on the contract, the outsourcing company will provide a back-up for you if the designated engineers do not show up at work. If the staff resigns, they will find a replacement for you and train them accordingly.
Another benefit of outsourcing: You can terminate the contract with a non-performing outsourcing company easily compared to getting rid of a non-performing internal staff.
Policies
Outsourcing companies usually have a set of IT policies that can be implemented in your organisation to improve the effectiveness of your operations. For example, they have a preventive maintenance policy that can be implemented in your organisation to detect a problem even before it happens. This will reduce downtime cost due to a server or workstation failure, e.g., you need to send your car in to the workshop for servicing/preventive maintenance regularly and not just wait till a problem crops up to fix it.
Documentation
A good outsourcing company would usually provide detailed reports and documentation of your IT assets. Documentation is important if you need to appoint another vendor or IT staff to take over the job in the future.
Resources
As IT is the core business of your outsourcing company, they will have sufficient resources to get your problem fixed and provide advice on how to maximise your IT infrastructure. To help you run your “business at the speed of thought” (as Gates puts it), they can advise you on the best IT tools to employ for your organisation. Plus you can save time on testing out different tools like a lab rat!
You are working with a team
Most outsourcing companies have a team of experts to take care of your IT infrastructure instead of depending on an individual. Established outsourcing companies usually consist of junior and senior engineers, IT managers, account managers, and other experts. They work together as a team to support your business.
Savings?
With the absence of all the above-mentioned worries, you can save more on operation costs in the long run while focusing on what matters most: your core business. Any problem with your computers? Just report it to the vendor and they will take care of it for you. A good vendor is able to detect potential problems before they happen. Computer problems don’t have to be your problem, anymore!
Subscribe to:
Posts (Atom)