By in ,

Episode 1 - Is Security Awareness Training Enough?

As a business manager, you may be wondering “Can Security Awareness Training protect my firm?” or “Do I need to be doing something more?”

You’ve probably seen Security Awareness Training.  These are the programs that tell you to “use strong passwords” or “stay safe on the web.” 

So, is it enough?

There are two schools of thought on this – and they both have merit. 

On one side, experts talk about people being your best line of defense – but also your greatest weakness.  There’s pretty good data out there showing that many cyber incidents come down to people making mistakes – they send the paperwork for the McGills to the McGillicuddies.  And that’s not even considering the con artists.

Other experts say you’ll never train your way out of the risks.  How did the system let you send the document?  These are process failures to be fixed.

Like I say, you need both.  You need Security Awareness Training for your employees including management.  But your management team needs a deeper type of education to show them how to align their IT objectives with their business objectives.

In our next three videos, I’ll talk about your options in each of these areas.

Episode #1 – 12/11/2018
By in

Thank You for Naming Us Best

It is gratifying that so many friends, colleagues, and clients selected 20Creek as The State’s Best of 2018 for Computer Services.

We started 10 years ago as a software development firm developing e-commerce systems for clients as far flung as Connecticut and Santa Cruz, California. Along the way, we specialized in providing safe ways to accept credit cards online. This passion for handling data grew into the Governance, Risk, and Compliance service we offer today atop our standard IT offerings.

Thank you for voting for us. We won’t let you down.

By in

Two Types of IT Services

We’re between innings at the USC-Sumter baseball scrimmage, so I can finally slow down and write this blog.

Unless you’re in the IT industry, you may not know about the two models for hiring IT companies. It’s worth taking a couple of moments (between pitches) to explain.

When you hire an IT company, you can opt for “break-fix” or you can opt for “managed services.” Break-fix is exactly what it sounds like – something breaks so you call someone to fix it. In managed services, you pay someone to plan for failures. One is reactive, the other proactive.

I like to visualize this as a busy kitchen preparing omelets. 

With break-fix, you call someone with a mop whenever the chef drops an egg. 

With managed services, someone brings the eggs to the chef.

When I inspect a network closet, I can guess which they chose based on the equipment I find. With break-fix, the repair tech will service whatever equipment is there. With managed services, the IT provider will invest in higher-end equipment that can report and diagnose issues. Having bandwidth problems? Is the Charleston office offline? The higher-end equipment can tell us. With the right equipment, alerts go straight to the network operations center who takes corrective action, often before you notice the outage.

Of course, there’s a trade-off. To recoup the investment in people, processes, and equipment, managed services providers sign customers to multi-year agreements. A managed services contract is not simply a retainer. Under an “all-in” model, on-site and off-site service calls are included at no extra charge. Some firms value this predictable monthly charge.

So, which is best? The choice between break-fix and managed services often centers around downtime and data security. If downtime is merely inconvenient, break-fix may be suitable. If data loss or theft isn’t a concern, additional safeguards may not be needed. Pay the tech to install the machines properly and then pay again only when issues arise. If down time means lost revenue, the cost-benefit analysis of managed services becomes easier to justify. If the business operates in multiple cities, proper network management is essential.

Managed services are hard to pull off properly. Industry analysts estimate it takes 3  years and $1.5 million to develop a mature service delivery architecture. This is difficult to replicate in a home-grown environment and only a few local IT firms have this scale. (20Creek offers local service with national scale. We invested serious money to build out our services upon a national provider who excels at service delivery as measured by annual, independent audits.)

As we head to the bottom of the seventh, I’ll summarize the two models. Under break-fix, the IT provider makes money when things go wrong. Under a managed services model, the IT provider makes more money when things go right. Depending on your needs, either model may be appropriate.

By in

Business Continuity


As I write this morning, the National Hurricane Center has just upgraded Florence to a Category 3 hurricane with a forecast to strengthen before landfall. Obviously, protection of life and then property are the highest priorities.

When Hugo roared through in 1989, I worked part-time at a popular FM station in addition to my day job as a chip designer. (The station was popular, my show less so.) A friend was on the air that night and I started to swing by and ride out the storm in the studio. As the outer bands arrived, a tree took down a power line and the station went off the air for the whole storm. I stayed home.

Radio stations returned to the air fairly quickly. With power out to most homes, TV was unavailable so people turned to radio for information. When we heard that Governor Campbell’s helicopter had filmed the aftermath along the coast, we hoped that power would return in time for us to see how badly we were hit. It did and I recall that SCETV ran the footage several times in the next week.

Crisis soon turns to recovery and every business plays some role, large or small. Obviously, broadcasters need to be on the air and the ambulances need to roll. Contractors, heating-and-air, plumbers, roofers, and even tow trucks are essential. In assessing your business continuity plan, it’s important to ask what happens to your community, your employees, and your customers if your business goes dark for a while.

In the IT world, we talk a lot about hackers and ransomware, but the weather itself remains a common threat. Ironically, the station had just decided to purchase an emergency generator to power it through storms. It was scheduled to be installed the following week.

Stay safe and let’s pray that this storm weakens before it hits land.

By in

Explainer: Why is it called The Cloud?

We get a lot of interesting questions at 20 Creek.  Working in IT, we sometimes take the answers for granted.

Today’s question:  Why is it called “the cloud”?

Back when I started working with computers, there was no social media…no websites even.  Academic and government networks were beginning to arise, but there was no public internet.  Surely company offices needed to talk to each other.  How did they do it?

Well, if you had a datacenter on the east coast and a datacenter on the west coast, you called up the phone company and ordered a dedicated connection.  Unlike phones which can call anyone, these lines were set up to connect one specific datacenter to another specific datacenter.  They were essentially permanent connections for the life of the contract.

Someone had an insight. 

If A had a private line to B and B had a private line to C, then A could talk to C.  If B were willing to carry the traffic, A did not need a private line to C.

Eventually this grew into a network of networks much like the railroads a century earlier.  Instead of standardizing on track gauge, these connections standardized on communications protocols.  If A needed to talk to Z, the network would find a path but neither the sender nor the receiver needed to worry about the actual path taken.  

Your data could travel through various private datacenters to reach its target.   Because the actual path taken was unknown in advance and often unimportant, architects would draw this portion of the network as a cloud.

By the time we started watching movies on the internet, dedicated backbones and switches had replaced most of these informal networks.  Today, it’s highly unlikely your business email will go through some university’s computer lab, but that’s exactly the way the internet started.

20 Creek is your independent IT department.  As your Virtual CIO, Help Desk, and service center, we align your IT plans with your business objectives to help you increase profits, control costs, and manage risks.  Call us today at 803 771-6341.