Tuesday, January 5, 2016

Three Resolutions for Your Business Technology

As we turn the calendar over once again, the last thing you want to hear is a list of more things to do. While now is a good time to celebrate and appreciate last year’s accomplishments, I'd like to offer three resolutions that could help you sleep better at night and have a more productive and prosperous year.

I'll pay attention to how my data is being backed up.

Back in my days as a paramedic, you’d hear patients laid out on the stretcher being told to eat better, exercise and stop smoking. I dread those types of conversations … talking to new clients about backing up after their data has been lost.

According to PWC, 70% of small businesses that experience catastrophic data loss go out of business within one year. Proactively backing up your data is critical to the survival of your business.

Are you confident that all of your data is backed up? What about your applications? Do you have more than one backup in case the first is damaged or fails? Do you have copies stored securely offsite? Have you recently performed a test restore of your data?

While these are all essential, there’s one critical question that most people miss … if your network goes down, how quickly can you get everything back up and running again?  Even a temporary network failure can halt employee productivity and the ability to service customers, a potential financial disaster.

Step up to the next level this year and start thinking more holistically about how your business could survive a disaster. Backup is only one part of a comprehensive solution. If you don’t have a disaster and business continuity plan, here’s a good place to start: http://www.ready.gov/business

I'll make sure that my tech is up to date and secure.

There were three incidents we assisted clients with this year that raised my security antennae to full height.

  • The first was a website hacked on September 11 and defaced with ISIS threats. 
  • The second was a computer that got infected by a CryptoLocker virus, its data held ransom by anonymous pirate hackers seeking payment in Bitcoin. 
  • The third was a social engineering attack which defrauded a client with a carefully crafted Email.

Threats to your technology are rampant and the consequences are severe, but remedies aren’t necessarily different than in prior years. They just require more diligence.

Most businesses underestimate how much time and coordination it takes to keep systems secure. Remember that your network is only as secure as its weakest link. If you don’t have a written information security policy (WISP), it may also be time to put one in place. Government regulations may even require you to do so.

Watch for our upcoming article: Pragmatic Steps for Safer IT.

I'll put my technology to work for me.

Every year technology becomes more vital to the work we do. If you don’t have a strategic technology plan, it’s time to take notice. Because when IT is done right, your business or organization will run better!

What are you doing to engage new and existing customers/clients online? Do you provide your staff with the tools to work as effectively remotely as they do from the office? Are you confident that the systems you have in place align with your business model and support a productive and responsive staff? Is a lack of efficiency impeding your ability to keep a competitive advantage and scale?

While it may seem intimidating, transformative progress requires careful planning, executed in a sensible way.  Where would you like to see your organization going over the next 3 to 5 years? What are some ways that you might envision technology helping reach and support those goals?

For starters, plant a few seeds by putting a few of your ideas to paper. I like to do it with an old-fashioned composition book and ink. It’s always interesting to look back and see how the roots of my ideas were formed into formidable progress in the years gone by.

The Bottom Line

How do you want your business technology to work in the coming year? A proactive, best practices approach can help your business navigate the risks that lie ahead while keeping focused on fulfilling your mission.

If you have any questions about how to make the most of these resolutions, call us at (781) 821-0000. Our business technology consultants are eager to help.

Peace, health and gratitude –


David Winter, CEO & Business Technology Consultant
wintersolutions, inc.:  Managed IT Services & Consulting
   for Emerging Business, Non-profit & Education 
david@wintersolutions.com - 781 821-0000

Sunday, March 30, 2014

RIP Windows XP: 6 Important Questions to Ask Before April 8, 2014

By now, it’s pretty widely publicized that as of April 8, 2014, Microsoft is finally ending support for Windows XP. The calls have been steadily coming in from concerned clients who are unsure what to do next. Do I need to run out and buy a new computer? Should I upgrade the operating system? Is this a compliance problem? Here are some thoughts to help you make that decision …

The release of Windows XP in 2001 represented an important milestone, the coming together of Microsoft’s Windows 2000 business and Windows 98 operating systems. (Let’s pretend Windows ME never happened.) The Internet was no longer an afterthought. Windows XP was a stable operating system with a reasonably attractive and user-friendly interface. Three major service packs bolstered the security and stability of the system, with the last released in 2008. Windows Vista was released in 2007, but was poorly received, particularly amongst business customers. A critical mass chose to either extend the life of their XP systems or downgrade their new systems from Vista to XP. Mainstream support for XP ended in 2009, around the time Windows 7 was launched, but Microsoft continued to release system patches and updates through a five-year extended support period. Extended support for Windows XP ends on April 8, 2014.

1. Is my Windows XP computer going to stop working after April 8?

No, your computer is not going to suddenly shut down. You can keep it running until it either implodes or you put it out of its misery.

2. Does that mean I can keep Windows XP running without any worries?

There is good reason for concern. Microsoft is no longer going to be issuing security patches. While the risks may not appear on day one, it’s a really good idea to plan accordingly. Some theorize that cyber-criminals have already uncovered new XP vulnerabilities and are holding back attacks until after this date … but until we hear otherwise that’s only a theory.

Support for Microsoft Office 2003 also ends on the same date. Office 2007 was a major revamp, so if you’re on Office 2003, it’s time to update. Office 2013 and Office 365 have been released, but we recommend sticking with Office 2010.

3. What basic precautions can I take for now?

Step 1 – Make sure that your system is at least up to date with all patches that Microsoft has released.
Step 2 – Consider using 3rd party antivirus. It’s not clear how long Microsoft will continue issuing definition updates for Security Essentials on XP. We strongly recommend Malwarebytes as a second layer of defense.
Step 3 – Switch your browser to Google Chrome or Firefox. Save Internet Explorer for those outdated websites that really need it … you’d think your bank would have caught up by now.
Step 4 – It’s a good time to make sure your system is well backed up. We recommend using a cloud backup system like Carbonite for data, while doing a full system backup to external hard drives. Be sure to disconnect and store the drive somewhere safe in between backups.
Step 5 – Lock it down. Be sure that your user account is a Limited User and only log in as an Administrator when there’s something important that needs to be installed. Turn off file sharing and consider disconnecting the computer from the network/Internet if feasible. Avoid using disks or flash drives from other computers if not necessary.

4. Should I upgrade to a newer version of Windows?

Save the money to put towards a new computer. If you’re running Windows XP, the computer must be at least 5 years old, probably more than that. While we’ve generally extended our recommendations for proactive computer replacements, by the time you reach 4 years, you should be budgeting for a new one. Your system is on borrowed time. You’ve probably noticed that your system is slowing down. It’s only a matter of time before a drive or fan fails. Don’t put good money after bad. If you’re considering a new computer, think twice about Windows 8. We suggest sticking with Windows 7 (available through business channels) or a Mac.

5. Does Windows XP pose a compliance problem?

If you’re involved in a healthcare or financial field, I’m sure that you’re familiar with the strict security and privacy regulations that apply to your industry, but many aren’t aware of newer regulations that apply to most businesses across the board. In 2010, Massachusetts enacted 201 CMR 17.00 regarding protection of personal information, one of the strictest in the country. This applies to anyone doing business with Massachusetts residents, even if the business is located elsewhere. While Windows XP doesn’t necessarily pose a specific compliance violation, it certainly raises a significant red flag and puts the onus on your business to demonstrate that you’ve taken appropriate measures to both secure your environment and regularly audit that security. If you’re considering keeping Windows XP alive for the long haul, you should have a really good business case for it. Microsoft is offering a Custom Support option for companies who refuse to budge. The annual cost is at least $200 per computer, and it goes up each year.

Support for most Windows Server 2003 versions ends on July 13, 2015. There’s cause to be more cautious with a server. Don’t wait until the deadline to replace your aging servers.

6. What if I have a really important ________ that’s not compatible with newer computers?

Every once in a while, I run into a circumstance where upgrading isn’t possible, such as a really expensive medical device that doesn’t have newer drivers or a special educational program that was originally made for Windows 3.1. You may have to bite the bullet at some point and find an alternative, but in the meanwhile, meticulously follow the steps outlined above. Consider extending the computer life by proactively duplicating and replacing your hard drive. You can keep the old one as a backup.


Now that I’ve completely overwhelmed you with information, let’s bring it back to the basics:

  1. If you’re still running Windows XP, your computer is past-due for replacement. You don’t need to run out today, but do make it a priority and budget for replacement soon.
  2. If you have a legitimate business case for keeping your XP systems alive, be sure that you have a rigorous program in place to secure the systems and audit them regularly.

So long XP … it’s been a fun ride - RIP 2001-2014

Dovid Winter is the CEO and Principal Consultant of Winter Solutions, Inc. Since 1986, Winter Solutions has partnered with emerging businesses, educational and nonprofit organizations to exceed customer expectations through the effective use of technology. From strategic technology plans through hands-on implementation services, Winter Solutions enables your organization to increase productivity, improve customer service and achieve your organizational objectives. Trust and integrity are at the core of everything we do.

To schedule your strategic IT assessment, contact Winter Solutions, Inc. at 781-821-0000 or 617-973-9999. Ask about our ProActive℠ IT Management solution.

Wednesday, July 31, 2013

Re: TIR 13-10: Sales and Use Tax on Computer and Software Services Law Changes Effective July 31, 2013

to: 'rulesandregs@dor.state.ma.us'

Dear Sir(s) and/or Madam(s):

Please accept this Email as both a formal request to the Massachusetts Department of Revenue (DoR) for specific guidance in the application of the new regulation, as well as a plea for a rapid amendment to implement a more reasonable grace period. I believe that while the regulation may be more straightforward to implement by businesses exponentially larger than my own, it produces incredible complexity for small business consultants in a manner that may not have been taken into consideration.

I would welcome the opportunity to discuss this directly with the appropriate parties.


David A. Winter

David Winter, MCSE, CEDIA-II – Principal Consultant
Winter Solutions: Hands-on IT Management Services & Consulting
   for Small Business, Non-profit & Education
29 Harold Street, Sharon, MA 02067
dovid@wintersolutions.com - 781 821-0000

While perhaps larger businesses have known about this for some time, the first I heard about this was several days ago. I’m not aware of having received any letters from the DoR seeking input. I saw nothing about it in trade publications and received no industry organization alerts. It was a friend in a totally different line of work that happened to read a news article about the legislation. At first, I thought he misunderstood and was referring to the Mass DoR determination on Software as a Service, but after research, I finally figured out that he was correct. I’ve tried my best to understand TIR 13-10, but I find it vague and confusing. I could understand having a few months to request determinations, notify customers, and put processes in place. I don’t understand how I’m supposed to process all of this so quickly. If I undertax, I risk audit and penalties. If I overtax, I risk losing customers and business.

Most of my clients are small/micro-businesses themselves. They’re struggling to dig their way out of the recession and rely on their systems to keep their employees productive. They’re pressuring me to reduce my costs already. Where is this 6.25% going to come from? I’m still digging myself out of the recession, struggling to keep my home and going to the nth degree to ensure that I do my part to meet my fiscal responsibility as a grateful citizen of the United States and the Commonwealth.

I am a small shop, as are many of my peers. There is no accounting department. I engage in little to no resale as I don’t have the infrastructure to manage the buying, purchase orders, billing, inventory, shipping, receiving, and returns. When sales tax is due, I gladly fulfill my obligations to collect and report it quarterly, but as a micro-business, I have no choice but to keep things simple if I want to survive. We rely on relationships with third party vendors whose only compensation to us is that they provide our clients with reasonable prices and quality customer service. We engage in resale only in the rare event that there are specific benefits that we can only obtain through a direct reseller relationship with the vendor.

My major request as referred to above is that the DoR provide a 5 month grace period (until January 1, 2014) for small technology providers to:

  • request determinations on the applicability of the new tax regulations
  • notify customers of the implications of these new regulations
  • allow time for renegotiating contracts and budgets as needed
  • put systems in place to bill for, collect and submit sales tax (many of my peers don’t engage in resale and thus don’t currently collect sales tax)

It is my understanding that the intent of this tax is to affect services that are traditionally associated with the sale of software and hardware (e.g. by integrators), but the details of the document seem to indicate that the tax may apply to a wide array of computer related services even when they are unrelated to the sale of tangible goods. I will attempt to break down the pieces of my business and am asking for a ruling as to which of the items are subject to sales and use tax under either the new or existing regulations:

I am certain that this list is incomplete, but given the short time for comments, I’m trying my best. As noted above, we are not generally in the business of reselling tangible goods.

Please note that individual sub-items represent different ways that the services are offered. The question is whether or not the service offering is subject to sales tax if offered under the specific circumstance outlined in that line item.

1. Website related services:
   a. Website hosting services
      i. Where the customer has no access to the website administration.
      ii. Where the customer has access to administration of an open source website content management system (CMS) through a control panel (e.g. Joomla or WordPress).
      iii. Where the customer has the ability to configure some aspects of the hosting, but has no access to configure the server itself as it is a virtual or shared environment (e.g. WHM/Cpanel).
   b. Website design and development services
      i. Graphic design services and implementation of a static brochure website.
      ii. Graphic design services to build a template for an open source CMS based website.
      iii. Setup and configuration of a basic open source CMS driven marketing website.
      iv. Setup and configuration of an open source CMS driven website application (with no custom development).
      v. Maintenance and support of existing websites that were developed and/or hosted by us.
      vi. Maintenance and support of existing websites that were developed and/or hosted by a third party.
   c. Website consulting services
      i. Preliminary meetings to discuss website and marketing strategy.
      ii. Meetings to discuss website and marketing strategy related to projects being performed by us.
      iii. Meetings to discuss website and marketing strategy related to projects being performed by a third party.
      iv. Meetings to discuss website and marketing strategy that are unrelated to project work.
   d. Web marketing services - Assisting clients with advertising and marketing their services utilizing a variety of third party free or paid services, where the client procures such services directly from the third party vendor, such as:
      i. Advertising networks (e.g. Google AdWords)
      ii. Email marketing engines (e.g. Constant Contact)
      iii. Issuance of press releases (e.g. PR Web or OpenPR)
      iv. Search engine optimization services

2. Software as a Service (SaaS):
   a. Microsoft Exchange Email hosting services in a virtual or shared environment where we outsource services to a third party data center, license ownership is maintained by the data center, and neither we nor the client have access to the underlying server platform, and all administration of mailboxes and basic settings is performed by us.
   b. Microsoft Exchange Email hosting services in a virtual or shared environment where we outsource services to a third party data center, license ownership is maintained by the data center, and neither the client nor us have access to the underlying server platform and the client has limited access to administration of mailboxes and basic settings.
   c. Cloud backup services where:
      i. We resell the third-party cloud backup service itself (such as Mozy, Carbonite or Acronis)
      ii. Implementation services related to a cloud backup service that we resell to the customer.
      iii. Implementation services related to a cloud backup service that the customer purchased directly from the third party service provider where:
         1. We receive referral compensation from the service provider.
         2. We have no financial relationship with the service provider.
   d. Consulting services related to third party database management systems such as customer relationship management (CRM) systems (e.g. SalesForce, NetSuite) and other vertical market applications where the customer contracts directly with the third party and does not have access to the underlying platform:
      i. Initial strategy meetings
      ii. Product selection
      iii. Vendor negotiations
      iv. Internal project management and implementation
      v. Ongoing product support

3. Information technology consulting and support services related to third party hardware or software purchases

4. Backup and disaster recovery services:
   a. Implement backup processes utilizing components that the customer newly purchased from a third party.
   b. Reconfiguring backup processes utilizing components that the customer already owns.
   c. Monitoring the ongoing performance of the backup systems.
   d. Disaster recovery services where we:
      i. Assist the customer with data restore services utilizing their backup media.
      ii. Assist the customer with recovering their data utilizing software tools that we own.
      iii. Engage a third party to perform invasive data recovery in a clean room environment.

5. Audio-video or control system consulting, implementation and management.
   a. Design of an audio-video system (e.g. conference room presentation system, home theater system)
   b. Implementation of an audio-video system that does not include computers
   c. Implementation of an audio-video system that includes embedded computers with no access to the operating system (e.g. Apple TV)
   d. Implementation of home or building control systems based upon embedded computers that have no access to the operating system (e.g. Control4, security system panels)
   e. Implementation of an audio-video system that includes a personal computer connected to a television
   f. Support for audio-video systems following the implementation.

6. Telecommunications consulting
   a. Services to review telephone bills and refer the customer to a third party service provider with whom we have no financial relationship
   b. Services to review Internet service bills and make recommendations for third party service providers from whom we:
      i. Receive referral compensation.
      ii. Receive no financial incentive.
   c. Services to supervise the implementation of telecommunications services by a third party.
   d. Services to supervise the implementation of an internal phone system by a third party from whom the system was purchased.

7. Preventative maintenance services

Month-to-month services to maintain existing personal computers and servers where the following items utilizing software tools that are licensed to us including the following:
*** The question is whether any of the individual items are subject to sales tax, beyond what is noted, and whether the taxability of the individual item, being a very minor portion of the overall service, impacts the overall taxability of the service, where the general nature of the services are connected to ongoing maintenance and have no direct connection to the sale or implementation of tangible goods. If an item is deemed to be taxable (e.g. antivirus software), would the maintenance service be taxable if such software was billed as a separate line item?

      i. Antivirus software that is:
         1. Purchased by the client from a third party, but monitored by us
         2. Installed by us on the client computer though we retain the license as part of our maintenance program and the customer has no access to the administration
      ii. Computer clean-up software tools that are:
         1. Installed by us on the client computer though we retain the license as part of our maintenance program and are the only ones utilizing the software
         2. Not permanently installed on the computer and are only utilized while the maintenance is being performed
      iii. Remote access utilities (e.g. LogMeIn) where the remote access service is provided online (SaaS) by a third party, but a small agent is installed on the clients’ computers and:
         1. We purchase the service from the provider, pay them sales tax, and utilize the software exclusively for remote maintenance and support.
         2. We purchase the service from the provider, pay them sales tax, and utilize the software primarily for remote maintenance and support, although we provide end-users limited remote access to their computers as a courtesy for no additional charge.
         3. The client purchases this as a separately billed service, pays sales tax and it is utilized for maintenance/support and remote access by the end-users.

8. Ongoing support services unrelated to the purchase of hardware or software
   a. Ad hoc consulting which is paid at the time of or following delivery of services and is unrelated to any specific project or software/hardware implementation.
   b. Prepaid blocks of consulting time (e.g. 30 hours per month) not tied to a specific project that is generally utilized for support of existing systems, but may be utilized for small projects related to the purchase of software from a third party by the client (e.g. installing Microsoft Office for a new employee).
   c. Flat-rate monthly consulting (e.g. per user) not tied to a specific project that is generally utilized for support of existing systems, but may be utilized for small projects related to the purchase of software from a third party by the client (e.g. installing Microsoft Office for a new employee).

9. IT management consulting
   a. Consulting services to guide a customer in the operation of their business by:
      i. Identifying the types of solutions that would address a particular business need.
      ii. Selecting a specific solution, negotiating with vendors, project management, etc.
      iii. Suggesting how existing systems may be better utilized, but making no new implementations.

Additional questions:

10. Do the taxes delineated in TIR 13-10 apply to 501c3 non-profits and other tax exempt organizations?