Certified CIO’s Steven Plumlee Helps Companies Prepare for their Worst Nightmare

Data Breaches, Hacks, Cyber-Attacks.

If Steven B. Plumlee could pick a sacred mantra to live by, it would likely be, “An ounce of prevention is worth a pound of cure.”

Those words apply to everyday life, but in the world of information technology, it should be gospel. After all, it’s a lot easier installing a strong firewall to keep bad actors out rather than repairing the damage caused by an unauthorized user who accessed your company’s network.

It’s far less expensive to train employees about proper computer conduct than it is to manage a massive data breach caused by a worker inadvertently clicking on a random link. Proactively creating a disaster recovery plan is a short-term headache compared to the giant migraine it would take to haphazardly responding to unplanned incidents like natural disasters, power outages, cyber-attacks and other chaotic events.

“Back in the early days, the work was 100 percent customer service,” said Plumlee, 45, chief executive of Certified CIO, an IT managed service provider based in Hanover, Pa, and Towson. “You were focused on keeping everyone running and communicating with them clearly. You would get a virus occasionally, but it would be on someone’s floppy disc or USB.

“Now, it’s all about people trying to break in,” Plumlee said. “Now, it’s people trying to lock up your entire company so you can’t do any work and you have to pay a ransom. In the IT space as a whole, there’s still the customer service side of things, but the big focus is really on prevention, detection and remediation.”

Small and mid-size companies that can’t afford a full-time IT person look to companies like Certified CIO – short for chief information officer – to monitor their systems and offer advice on everything from software to servers and growth strategy to making your workforce more agile and efficient.

In many cases, Certified CIO supplements a company’s in-house IT person with its team of experts and more cutting-edge security, productivity, and integration software. A typical Certified CIO customer could be a lawyer or a health care provider with multiple locations.

Working with a good managed service provider (MSP) isn’t just about eliminating IT frustrations, Plumlee said, it’s also about future planning and generating revenue.

Manufacturers that used to rely on a human pulling a lever to meet production are now often relying on fully automated mechanisms. That means a company like Certified CIO can monitor the productivity of a machine, provide alerts for routine maintenance or issue impending failure warnings that might slow down a production line.

When companies acquire or merge with other companies, Certified CIO steps in to integrate computer systems and standardize best technology practices from each company.

In a recent case, Certified CIO worked with a local catering company that had to shut down most of its operations when Covid 19 hit. Instead of 15 employees on its computer system, the caterer temporarily downsized to four employees during the pandemic.

“The biggest mistake a business can make is not communicating your goals with your MSP,” Plumlee said. “Are you expanding, acquiring companies? Are you shrinking or downsizing? Businesses are afraid to have those conversations with people on the technical side, so they end up spending a lot of money.

“When the catering company told us what was happening, we put them in a hibernation state. We took the 10 machines off our tool set, which meant our client didn’t have to pay for things like antivirus and security scanning tools for those computers. It was a significant cost savings for them.”

For those worried about affordability or too terrified of all things IT to engage an MSP, Plumlee has some advice:

Ask questions. Even if you’re not looking for support services or you’re not ready to hire an outside service provider, a good MSP will explain their services and costs to customers. Plumlee says it does not cost anything to ask questions.

Install a multi-factor authentication tool. A layered approach to security should be used on everything you interact with to access accounts. Using passwords, personal identification numbers, security badges, fingerprints, and answers to secret questions can be more than 90 percent effective at preventing attacks.

Don’t leave yourself vulnerable. Stay on top of system patches and updates.

Do not use shared accounts. Every employee should have their own log on.

Do not use the same password for every account. Use a password manager, which is essentially an encrypted digital vault, to store, generate and update password login information.

Create a disaster recovery plan. Amid a tech meltdown or data breach, you do not want to guess about whether you have a cyber security insurance policy, wonder if the media needs to be notified or scramble to inform clients while trying to fix the problem. Have a plan in place.

Designate a person who will respond to tech problems and take charge of your disaster recovery plan. If you don’t have that person, Plumlee says, contact Certified CIO.