6 Easy Ways to save money on your IT while increasing your security!

1. Reduce the number of servers your organisation is running.

Why?

Many IT providers charge per server per month on their contracts, and for this reason it is rarely in their best interest to help you consolidate your servers down. Each server takes time every month to patch, monitor and manage. If you use cloud providers, you pay per month or year per server. If you have your own hardware, you are paying for power, cooling, backups and hardware replacement.

How?

Get a list of all of your servers from your IT team, make sure it lists what the server is used for, how big it is/how much it costs, and ask them to review if any can be consolidated or removed.

Include looking at what could be moved to a serverless cloud service or similar function that has a much lower cost.

Note: Ensure that you don’t remove too many servers or consolidate too much that you lose resiliency or safeguards.

Scenario

The entire computer system was hijacked and taken offline by a cyber attack due to an old server that had not been used for a number of years but was pending decommissioning. Not only was this costing money to run, but it was a gaping security hole which was exploited. Only after it was found to be the entry point of the attackers was it realised that it wasn’t needed anyway.

2. Clean up your old data!

Why?

Old files, images, videos and random data accumulate over many years of business. Just like your home, you keep those old boxes or things which may be handy one day, businesses accumulate old data.

Some of this MUST be kept for 7 years or longer for compliance reasons, but some of it is also just waste.

At the least this data is taking up space on hard drives, which cost money to run, and the more full they are the slower they respond, but also when you back them you, you can be paying 10x the cost to backup useless data as you make more and more copies of it.

Also, some of the data could be an unknown liability. Do you have personal information on your staff or clients? Do you keep copies of old quotes which could accidentally be used and sent to customers? Perhaps someone inadvertently recorded some credit card numbers or banking details for customers. Anything that could come back and bite you.

How?

Identify all potential electronic document stores in your business and get them put into a list.

Create a repository for data that most likely is not needed, and archive it to there and take it offline (but keep it, for now).

Ensure the data is sorted and cleaned into departments or teams, and have each group clean up what they can to the archive.

Scenario

A business had kept personal identification data on their network long after it was of any use for the purpose of providing services, this was a great risk if they were to have a hacker gain access, and the business would need to inform the identified parties of the breach so that they could protect themselves or watch out for identity theft.

Another more simple example was a client storing on high speed storage over 8Tb of old promotional images and video, which was being sent to very expensive backup location costing thousands of dollars per year. Simply archiving this off would have saved tens of thousands of dollars.

3. Review user list and licence subscriptions – are they still required?

Why?

Whenever a new user starts at your business, you need to set them up an account, and get them software to use. Most businesses these days pay per month for their licensing to keep it simple. Because these licences are only a relatively small amount per month, subscriptions are often forgotten about.

But many aren’t always as quick to disable these licences once they are no longer required. Has the user left? Do they still need the Adobe or Microsoft software that you are paying per month for?

Old user accounts that are still active are a massive security hole, and those with licences or other resources assigned to those ghost accounts are a waste of money.

How?

Have IT pull a list of users and a list of licences/subscriptions. Get the finance team to do similar and have IT and the business cross check that each of these are current.

Disable non-active accounts, archive their data, and turn off their subscription services.

Regularly have finance check credit cards for small monthly or yearly amounts where you may be paying for a service you no longer need.

Scenario

A business saved tens of thousands of dollars per year by investigating usage patterns of software and consolidated their virtual desktop fleet as they had greatly reduced their headcount, but old resources were never cleaned up, and the monthly licensing bills never questioned.

4. Review how many software packages you have deployed, and remove any that are no longer in use, or reduce how many copies you have installed of those that are rarely used.

Why?

Many security holes exist in old software packages, and it may require legacy Operating Systems to keep them running. It makes it easier to hack your systems by having these online.

All software requires maintenance, whether it be updates, reinstalls, training, and licensing. This takes time, effort and money, and may not be required.

How?

Ask IT for a full list of all applications installed on your network.

Ask the team (business and IT) could each be replaced with a simple cloud alternative, or do we need it at all?

Review the list every 6 months.

Scenario

A legacy software application was migrated to the cloud and paid for monthly, providing an application that stopped being used by the users in the business 12 months ago, but no one told IT, OR IT never got around to decommissioning it. It hasn’t been patched or updated in years, and is an easy target for hackers, adds complexity to the network (resulting in higher costs), and is costing money for every hour that it is online.

5. Review your internet, phone and service contracts.

Why?

Internet and phone technologies are constantly changing and improving. What might have been a great deal years ago, may be way over the top now for your needs as technology improves.

Many phone providers will not migrate you to a better deal unless you ask, and the same with internet providers.

Some IT service providers base their contracts on equipment numbers, and even if that number drops, they don’t automatically reduce your bill.

Across these three, you could be paying thousands per month more than you need to, for the exact same service.

How?

Go to your telephony providers with your bill and ask them to review it and come back with better solutions. This should be done as a standard at least every 3 years. Look for any old services that you’ve turned off or don’t use (like old fax or ADSL lines).

(Note: be careful to ensure you AREN’T using them, we’ve seen many occasions of the internet going offline for days because the wrong phone line was cancelled).

Go to your IT support provider each year to ensure your computer, server and device count is correct.

For internet, don’t always look at what you were paying previously as a yard stick for what you should be paying. Get a price from a competitor for a similar service. The key differentiator with an internet provider is their capacity, and willingness to help you when there are problems with it.

Scenario

Many businesses have found themselves paying for phone lines long disconnected, mobile phones sitting in drawers (or worse, taken by ex-staff), or paying over and above the market rate for call plans or internet because they never went back to their provider for a better deal or got a comparison price. Imagine paying thousands per month for an old internet technology when a new connection for <$500 a month would be faster and more reliable.

6. Educate your staff on cyber security.

Why?

Many cyber attacks and ‘hacks’ actually enter the business through actions undertaken by your staff. This can be replying to a spam email, clicking a bad link, using the same password in too many places, etc.

A hack to your network can at the least cost you thousands in bad press, lost productivity, recovery and restore costs, and insurance excess.

It is much better to spend some money on training now, than to have to spend it after spending money on recovery from an incident.

How?

You can subscribe to a service like this Cybersecurity Awareness Training | NINJIO for your staff to continually have instruction videos giving them tips on protecting themselves and the business. This can be a cheap monthly fee, and also is a key part of requirement for cyber protection insurance, or supply chain resilience (Your customers may ask what cyber protections you have in place to ensure continuity and protection of their data).

Check your email addresses here to see if you have been a part of a breach previously, and therefore you should never use that password again: Have I Been Pwned: Check if your email has been compromised in a data breach.

Scenario

A Finance officer receives an email from the business owner asking for money to be transferred to a bank account, and proceeds based on the urgency of the request. Later finding out that the email was fake, and was a socially engineered hack.

Another is a supplier contacts the accounts team to let them know that their banking details have changed. The next time that supplier is paid, the money has now gone to the criminal’s bank account.

On the flip side, some partner businesses require their partners and suppliers to have a level of cyber security maturity to be able to do business with them. They will require you, as a business to show that staff cyber security awareness training has taken place.

Call us on 1300 642 267 or email support@miacorit.com.au if you’d like to have an obligation free chat about how MIACOR IT can help you reduce your IT costs and increase your security.

‍