Monday, February 27, 2017

Protect Yourself Before Your Phone is Lost or Stolen

We take lots of technology for granted today. And one major piece of technology we just "assume will be there" is our smartphone. We use it for email, texting, Facebook, SnapChat, fetching a ride, settling an argument, playing games, and a hundred other things. It contains all of our contacts and LOTS of really important photos.

So it can be unnerving when our phone is lost. There are really three kinds of "lost."

First there's misplaced. It's really between the seat cushions or you left it in the car. But for the moment it's lost. We're not going to discuss this kind of lost.

Second there's broken. A broken phone is a sad thing because you can hold it in your hand and know all your data is there somewhere. You just can get it. The obvious first thought is to find someone who can retrieve your data. When that happens, it almost doesn't matter what it costs.

Finally, there's gone. A phone is gone when it's stolen, dropped down a canyon, etc. In other words, you know for a fact you'll never see it again. But in this case, someone else might find that phone. With your contacts, your pictures, you banking app, and all your other data. If you've connected it to work data, then they might have access to that as well.

Here are some tips for protecting yourself and your phone.

1. Back it up!

As far as I know, every phone and every cell service provider has a way to back up your data. Use that tool! Don't delay. Don't forget. Don't make excuses about why you're not doing it. Do it.

If you want a better tool, or you want help doing this, contact your technology consultant. They tend to have really good options for backup and data recovery. After all, the one that comes free with the phone is free for a reason.

2. Document it.

This seems like overkill - until your phone is lost or stolen. Just as you should have a list of all the cards in your wallet so you can report them missing, you should have a list of all the accounts accessed by your phone without a password. If you save passwords, someone might be able to use your phone to access your bank accounts, PayPal, company email, and lots of other stuff. Take inventory. If you lose your phone, you'll be in a high stress situation and you probably won't remember all the accounts accessible from that phone.

3. Brick it.

Any good technology consultant can help you set up a system to "brick" your phone. Some call it a "remote wipe" of the phone. Basically, it means they can push a button and delete all the data on the phone. Yes, your pictures are gone forever, but so is your unencrypted password list, you company email, and all the other secure information on that phone.

Sometimes, remote wipe capability is already built into your email service. For example, this is often enabled if you have a hosted Microsoft Exchange mailbox. If nothing else, have a conversation with your technology consultant and see what you have and what you can get.

4. Manage it.

Many technology consultants offer something called Mobile Device Management. They may be able to track your phone, verify that it is protected from viruses, back it up every day, and perform a remote wipe if necessary. This is usually a super cheap option.

The bottom line: You never have to panic if your phone dies, or is lost or stolen. With a little preparation, you can feel confident that all your pictures and data are save, and that your bank accounts and company emails are safe as well. Yes, it's still a hassle. But it's a lot LESS of a hassle if you take a few extra steps.

Think of these things as a type of "insurance" for the data on your phone.

Ask you technology consultant what you already have and what they recommend going forward.


Tuesday, February 14, 2017

Electricity is Your Friend - Until It's Not

One of the best things your computer consultant can do for your business is to protect your power. Here's what you need to know.

First: Assess the reliability of your power. If your power goes out on a regular basis, you are probably very aware of it. Luckily, that's not a common scenario. But "brown outs" and power fluctuations can go unnoticed by people. Unfortunately, they don't go unnoticed by electronic equipment (computers, network equipment, printers, etc.).

A "smart" battery backup (UPS or Uninterruptible Power Supply) will have a readout so you can see the measurement of electricity moving into your building and the amount being used by whatever's plugged into the UPS. With the right software (normally included for free), you can track voltage spikes and sags.

If electronic equipment doesn't last as long as you expect it to, it might be because the power to your building is irregular. And that may be easily fixed! It might be the line from the utility company that needs to be fixed.

Some areas just never have sustainably reliable power. That makes having a UPS a requirement.

But even if you have the most reliable power, a UPS is still a good idea.

So the first thing you should do is to assess the reliability of your power. The second is to verify that all of your important equipment is plugged into a working UPS.

There are two pieces to that puzzle: 1) You need a UPS. 2) It should be working.

Too many people buy equipment and then assume it will work forever. It won't. The most reliable thing a UPS will do is provide surge protection. That means it will protect you from electrical spikes that can come any time, even with most reliable power from your utility.

The second thing a UPS does it to provide actual "conditioned" power. That means that the power supplied to your electronic equipment is stable. There are no spikes or sags that can blow out the electronics. The UPS does this in part through it's circuitry and in part because of the third thing it provides: a battery.

Electricity flows into the UPS and charges the battery. The electricity might spike up and down, but the system reliably charges the battery. Power flowing out of the UPS flows through the battery. So the output is always consistent. Even if the electricity from your utility goes out altogether, the UPS continues to power equipment from the battery. Nice and even and reliable.

. . . Unless the battery's dead. If the battery can not longer hold a charge, then you basically have a very heavy surge protector.

UPS batteries normally last about three years. You can always test one by plugging in a piece of equipment (I recommend a lamp, not a computer) and unplugging the UPS. If the equipment goes out immediately, your battery needs to be replaced. You computer consultant will probably be able to order one, unless the battery is super old.

If you have a "smart" UPS, you should be able to get a readout that tells how how many minutes your UPS will stay up when the power goes out. This readout is notoriously wrong. A stress test will tell you the correct answer. With a stress test, you unplug the UPS and watch how long in actually takes for the battery to die. Your consultant can do this safely without causing problems with your computers.

What Should be Plugged Into a UPS?

You want to plug "electronics" into a UPS. That means computers, servers, network equipment, phone systems, and all the things that have those annoying plugs with rectangular boxes on one end or the other. Generally speaking, those things all have circuits inside that can be fried.

Here's a list in descending order of importance (From my point of view. Your IT guy may put these in a different order.):

- Your Server
- Desktop and laptop computers
- Monitors
- Storage arrays, NAS, SAN
- Switches
- Router
- Firewall
- Phone system
- Voice mail system
- Wireless access points
- Scanners
- Other network connected equipment such as backup device, spam filter, etc.
- Specialty equipment
- Televisions
- Stereo/music systems

And here's a list of things that should NOT be plugged into a UPS. These things generally draw a lot of electricity, are less fragile, and can damage your UPS:

- Heaters
- Fans
- Anything with a motor (e.g., electronic desk controls)
- Printers (unless you have a specialty UPS designed for this)
- Large all-in-one business machines
- Refrigerators
- Lamps
- Electric staplers
- Power tools, including battery chargers

One time we had a large client (about 75 users) who had all kinds of stuff plugged into the UPSs, so we went through the office and put green electrical tape on the end of any cord that COULD be plugged into a UPS. If we ever found anything else plugged in, we were authorized to unplug it and work with the employee to find a safe place to plug it in.

A few notes to remember:

1) A power strip is not a surge protector unless it says it's a surge protector

2) A surge protector is not a UPS (battery backup). When the electricity goes out, it's dead.

3) A good, brand name UPS can save you thousands of dollars. But they need to be maintained. Batteries need to be replaced. And they need to be tested from time to time.

This Costs Money

I get very frustrated with business owners who think they can buy something once and never put money into it again. You can't do that with anything in your life or business. Stuff gets old. It wears out.

UPSs for every desktop cost a little money now. Consider a good UPS to be a three-year insurance policy for electrical problems. Depending on what you buy, that might be $100-$150 per desktop. For that you get uninterrupted work, no electrical spikes, and protection for unforeseen electrical problems. Plus you don't have to buy a new PC or monitor for that workstation due to electrical problems.

It's rare to have a major electric problem. But they happen to SOMEONE every day. If you lost every piece of computer equipment in your office right now, how disruptive and expensive would that be?

Talk to your computer consultant about tuning up your UPSs today.

Saturday, August 20, 2016

The Three Biggest Mistakes Non-IT People Make When They Plug Things In

This might sound silly at first, but it's not. If you're not an IT Professional, you may be plugging some things in wrong - costing yourself money.

Please note: I am not suggesting that non-I.T. can't do the stuff I talk about here. But we see clients doing certain things over and over. So we know that these problems are out there and we know to keep an eye out for them.

There are three primary areas where things get "plugged in" incorrectly: 1) Things plugged into the wrong slot on PCs/Servers; 2) Network cables and equipment; 3) Electrical.


There are lots of places to plug things into your laptop, desktop, or server. And as odd as it sounds, sometimes things fit into slots even though they shouldn't be plugged in there. This is totally the fault of the hardware manufacturers and the industry standards. Even if you're not an I.T. pro you might be amazed at how many interfaces we've created that can use wrong!

The biggest current example is the USB slot. If you have really old computers, they might have USB 1.1 slots. Those devices transfer data at 12 Megabits per second. That's slow!

Most computers today have both USB 2.0 and USB 3.0 slots. USB 2.0 transfers data at about 480 MBits/second. Obviously, a hard drive plugged into this slot is going to be a lot faster than a 1.0 slot. On older machines, with USB slots in both the front and back of the computer, the slots in the front were normally 1.0 while the slots in the back were 2.0. I have no idea why this is, but some devices will only work if plugged into the back of the machine!

USB 3.0 can operate at 5,120 MBits/second (5GB). That's a LOT more than the 2.0 generation. But you need really good cables for this. You can't plug in old cheap cables and get that kind of speed. But wait! there's more.

The USB 3.0 slot will not work until an operating system is loaded. So, for example, if you plug a keyboard into the 3.0 slot and you need to press a key during boot-up, you won't be able to . . . because the operating system hasn't loaded yet. Only the 2.0 devices will work at that point. So things like keyboards and battery backups need to be plugged into the 2.0 slots.

Lesson: Just because it fits and appears to "work" doesn't mean it's the right configuration!

Network Cables

The most common problem we find with networks that we come across is that they are operating a LOT slower than they could be. Sometimes this is because one piece of equipment needs to be faster. But very often it's because things are just plugged into the wrong places.

Again, the standard network interface plugs in the same no matter how fast or slow the wiring is. The jack is called an RJ-45 and it looks like a telephone jack, only a bit bigger. If you have the right equipment and the right cables, this might operating at 10 MB per second, 100 MP per second, or 1,000 MB per second (1 GB).

Please take a look at this diagram. Don't worry, we won't get too technical. Just remember: Every device and every cable in this diagram might operate at a different speed.

Because bandwidth has exploded from 128K lines to 1 MB, 10 MB, and 100 MB, the world is filled with old equipment that just can't take advantage of the faster speeds! Most desktop PCs and servers have 1 GB network cards. That means that they can move (theoretically) ten times faster than a two year old 100 MB switch.

Also, many devices have one or two really fast ports and the rest operate a little slower. So you might have a 1 GB port on your firewall. But if the network cable is plugged into a slower port, then you're not using all the bandwidth you could. The same is true on the switch, the server, etc. You might be able to get MUCH faster speeds by simply plugging things into different ports!

Lesson: Just because it fits and appears to "work" doesn't mean it's the right configuration!


Electrical issues are a little different. For the most part, plugging things into the wrong place won't cost you any extra money. It just reduces safety and the security of data. There are two common ways that things are plugged in "wrong."

First, some things are just not safe. UPS battery backups should not be chained together. It's unsafe at a minimum - and it's a fire hazard. The same goes for power strips, extension cords, etc. This is one I know you know. But we see it all the time.

Another unsafe configuration we see is to have fans and heaters plugged into UPS battery backups. Those things should be plugged into the wall directly. The UPSs are not rated for heaters or spinning motors. This is a true, imminently dangerous thing to do.

You should also never plug a laser printer into a normal UPS battery backup. There are industrial strength UPSs designed for printers but unless your printers are mission critical during a power outage, you probably haven't bought one of these.

Second, we see a lot of things plugged into the wrong outlets on the UPS. Very often, the UPS battery backup will have two sets of outlet. One set is just a surge protector. Things you plug in here will go OFF when the electricity goes out. So it's okay to plug your speakers and electric stapler in here, but not you computer and monitor.

The other set of outlets have surge protection plus battery power. So they will stay ON when the electricity goes you. You should plug you PC and Monitor into these - and nothing else!!! This will maximize the up-time you will experience should the lights actually go out.

Again, I don't want this to come across as arrogant. These things seem simple enough. You can plug things in and make them "work." But that's not the same as having them work as well as they could.

I have a theory I call The Paradox of Simplicity. The Paradox of Simplicity is this: Technology becomes easier over time until the non-expert can perform the technical task well enough to get by, but not well enough to rely on for business purposes. For example, I can buy Adobe Photoshop and make "OKAY" graphics. But I'm not a graphics pro and never will be, no matter how good the tool is.

Things are easy "enough" that anyone can make a computer work, make a network connect, or plug in the equipment. But the result might not be as fast, secure, and safe as it could be. You've all heard the saying: Good enough isn't.

It's just one more reason why you should rely on a successful network professional to help you set up and maintain your office!


Sunday, June 12, 2016

Signs Your IT "Guy" is an Amateur

Strangely enough, no one has ever asked me why I called this blog "Consultant or Amateur?" So I'll tell you!

I came from a professional I.T. background. I managed large-scale computer systems across several states. I managed large teams of people. I managed the outsourced resources that made several different companies successful.

So when I started my own technology consulting company, I put a premium on being professional. At first I thought that meant dressing professionally, having standard offerings, and delivering what we promised. But as I met more and more small business owners, I realized that my so-called competition was in a completely different league when it comes to professionalism.

Time and time again I met business owners who had been ripped off and mistreated by the IT "Guy" before me. Here are a few examples:

The Untrained
- One computer consultant recommended that a client uninstall the brand new operating system from her brand new computers and install the previous version because it was more stable.

What that really means: 1) This guy is too lazy to learn the new operating system. 2) This guy wanted to drum up thousands of dollars in billable labor to "fix" perfectly working machines and turn them into last-generation technology. 3) This guy cared more about his own pocket book than about the client's experience or business.

The Thief
- Many (too many) IT consultants sell used equipment as new. They buy illegal software and sell it for full price. They bill for work they didn't do. Basically, people like this are scratching and clawing to make a little money any way they can.

This is bad enough. But it's also a sure sign that these people do not have the connections to get good equipment, replacement parts, warranty service, etc. It's also a good indicator that they'll be out of business and gone when something important breaks.

- These folks never document anything. Or at least they don't share the documentation with the client. So business owners don't know the passwords to their server, router, firewall, email provider, Internet service provider, etc. This is a HUGE PET PEEVE of mine. I wrote a book on documentation and I made a huge point of encouraging people to share this information with the business owner - because it's their network.

There's some strange belief among secret-keepers that they have more job security if they don't share any information. They don't know how wrong they are! Unfortunately, I've made a LOT of money figuring out how to give new clients access to their own equipment and servers after they fire the secret-keeper!

The Mine-Mine-Miners
- I don't know what else to call them. If I knew WHY these people do what they do, I'd have a better name for them. These people put everything in their own name. I have one client whose Internet connection is in the name of an IT guy they hired for three months - 18 years ago! They can't change it except to just switch to a new ISP. It's ridiculous.

These people register the server, the network equipment, and all the software in their own name instead of the business name or even the business owner's name. Again, maybe they think this is some kind of job security. But when these people are gone and you try to get control of your own equipment - which you paid for - it can be a huge hassle. And, again, I've made a lot of money helping people take control of something that should have been under their name in the first place.

This includes Internet Domain Names. I've seen cases where the IT Guy registered domain names in his own name and then would not transfer them to the rightful owner - even though the small business owner paid him for the registration! In more than one case, the domain expired and the rightful owner could not renew it or transfer it because the IT Guy had it in his own name and he disappeared.

The Old-Timers (of any age)
- These folks just can't bring themselves to learn new stuff. They don't sell the latest equipment because clients aren't asking for it. Well, it's not the client's job to know what's new and ask for it. It's the IT professional's job to know what's new and recommend it. These people also perpetuate fear about things like Cloud Services. When I hear that "the cloud" is unsafe, un-tested technology I'm reminded of when people used to say that the Internet was just a fad.

The Un-Safe
- Un-safe technicians tell you stupid stuff like you don't need a firewall. Or you don't need a backup. Or you don't need an anti-virus program.

Let's turn this around. If your business has any value whatsoever, then you need to protect it. If your programs and data help you make money, then you need to back them up. If it would be a bad thing for someone else to get all your information, then you need a firewall. And if someone really has to convince you to get anti-virus, then maybe you're the amateur as well as your IT Guy.

We have a saying in our company: We can't care more about the client's business than they do. If you care about your business, you do the basic things to protect it. You lock the front door at night, you have insurance, you have a firewall and AV program, and you back up your data.

YES - It is possible to overspend. But most businesses underspend. And that's why lots of them go out of business after a disaster. 99.9% of all IT-related disasters are both preventable and easy to recover from - IF you've spend a little time and money preparing for a disaster. It's not difficult or expensive to have true business continuity or disaster recovery.

What to Look For

Here's a simple way to look for a professional IT consultant.

- Ask about their trainings and certifications. Training and experience are more important than certifications.

- Ask them about their SOPs - Standard Operating Procedures - for selling hardware, software, and service.

- Ask them about their SOPs for documenting your network.

- Ask them to describe their preferred network security and disaster recovery options.

- Ask them about what they sell and what they expect to sell in the next three years.

A professional technology consultant should be able to discuss each of these and sound confident and knowledgeable. You should also not hear any red flags like, "We prefer the old system," or "We're not recommending new technology yet."

It can be hard to hire an IT professional when you're not a professional in IT. But if you put out a little extra effort now, you can avoid a lot of grief in the future!


Saturday, June 4, 2016

Reusing Passwords Will Kill Your Business

Do you reuse passwords? If so, it's just a matter of time before the bad guys break into your network, your laptop, your bank account, and your business.

Since computers were invented, we have had to balance use-ability with security. And business owners have always hated passwords. I can't tell you how many times I've been told that I should make a password easy to remember.

I'm sorry to tell you: Those days are long gone.

There are now literally millions of bad guys hacking and cracking into everything they can find. People with poor security habits have all kinds of juicy information on their computers (Social Security numbers, birthdays, credit card numbers, and of course password lists!).

Some of this information is used to break into accounts. Some is used to open new credit card accounts or redirect your tax return to a new address. Lots of it is sold in bulk to organized crime syndicates in other countries. And then the aggregated data is sold again and again to bad guys who want to generate fake profiles, credit cards, and more.

As you read about break-ins for large companies like Target, just remember that that are thousands of breaches that never make the news for every single breach that does. Most are never reported because it's not required. In fact, most are not reported even if it is required because there's no real enforcement.

Here are the most obvious things you can do:

1) Have good passwords. 
That means they are long(ish) and complex. Complex means that standard stuff you hear about all the time: Upper and lowercase letters, symbols, and at least 8-12 characters.

2) Never use a password that exists on any list anywhere. 
For example, if you use a single word that is found in a dictionary, it takes only a few milliseconds for a computer to guess your password because the computer has it's own "dictionary" that includes all the words in all dictionaries for all languages. It also includes all lists of all passwords that it has ever come across.

3) Change your passwords from time to time!
You don't necessarily have to change your password every 30 days - but it doesn't hurt. But you should change all your important passwords (bank, payroll, work) at least once every three months.

And here's one more thing that most people don't think about:

4) Don't reuse passwords. 

Consider this: You probably have passwords on dozens if not hundreds of web sites. I use a password manager that stores about 800 of my passwords. With that many accounts out there, it's almost guaranteed that one of those accounts will get hacked this year. So my username and password combination will now be out in the wild for the bad guys to buy.

Why is that valuable? Well . . . If I reuse passwords (as most people do), then that username/password combination will be guaranteed to work somewhere else. So now the bad guys have lists of all the passwords out in the wild, but they also have some known-good combinations.

Social media accounts are always under attack. Most recently, MySpace and Tumblr were hacked. If you have one of those accounts and use the same password for Facebook, LinkedIn, etc. then the bad guys have those passwords as well.

The bottom line: Some account you have somewhere will be hacked. With luck, it will be an unimportant account. And if you don't have the same password everywhere, then the damage will be isolated to that one account. But if you reuse one password all over the place, then the chances that other accounts will be hacked goes up significantly.

Action Steps:

- Contact your I.T. consultant and find out what they recommend for password policies and password management.

- Change your most important passwords right now - and make them all different!

Additional Resources

Here is a Google search for Password Managers. I use an off-line password manager so that it's not hosted somewhere and the focus of targeted attacks.

Here is a password testing tool. Set the year to 2020 and see how quickly your passwords can be cracked.

Just remember: Even if this password can't be cracked in a million years, a list of passwords that includes this one might not be as secure!

Finally, here are the 100 most popular passwords in the last year, in alphabetical order. You can be guaranteed that these will be cracked in less than one second.



Let's be safe out there!


Thursday, February 18, 2016

Don't Go Phishing - An Email Safety Tip

I am preparing a training for my clients on how to avoid problems that show up in email. Whether it's work email or home email, certain "bad" emails will always get through. If you have a good anti-virus program and a good spam filter, you shouldn't get viruses in your inbox.

But "phishing" is another program. Phishing is pretty much what it sounds like - bad guys are fishing to see who will bite. Here's a great example of a phishing email:

Notice the popup that says "http://s522558593... ." We'll come back to that.

When you get any email that includes links, do not click on anything unless you are 100% sure that it's real. For example, if you receive a regular newsletter, those links are probably safe.

Here are some quick tips for dealing with phishing emails.

First, be suspicious. Phishing emails often look very real. They will frequently have a "scare" tactic to get you to click without thinking. For example, a letter was returned undeliverable. Make sure we have the right address.

Well, wait a minute. Do you even use this product or service? Do you care if a letter went missing? Is this your bank?

Second, never click on the links in an email unless you asked this person to send you this email. If your bank has an urgent message for you, then open a browser and log into your bank. That way you'll know YOU initiated the contact and that it's really your bank. If there's an urgent message for you, it will be there.

If you want to see where the link is really going, float your mouse over it. See the example above. The "link" looks like it's going to, but if you click it will really go to that long link instead. In this case, that link is to a server with a reputation for sending massive amounts of spam email. If you click anything, you verify that your email works and they can sell it again.

I did not click on the link because 1) I don't use CoveredCA, and 2) I floated my mouse over it and the address was different.

But if I had clicked, I bet it's a site that looks very much like the "real" CoveredCA web site. But when you put in your information, if fails. In reality, you have just given the bad guys your username and password!

That's what they're fishing for.

The bad guys convince people to let their guard down. You need to have some hard, fast rules that you never break. And remember that the government will never initiate contact with you. And neither will most large businesses!

And here's a bonus tip: If you receive an email with an attachment, never open the attachment unless you asked that person to send you that email.

In general, click less and slow down. When you go fast, the bad guys can trick you into clicking when you should be deleting!


Saturday, February 6, 2016

Beware Budget Bifurcation

Humans have an amazing capacity to isolate various pieces of our lives and treat each independently. Perhaps we have to do this in order to make decisions at all and not be overwhelmed with data.

But sometimes we know very clearly that two things are directly related and choose to ignore this relationship anyway. This is called bifurcation.

The best example of bifurcated thinking is the government budget process. In the spring, Congress passes all kinds of laws with almost no attention to costs. Policy is all that matters. Then, in the Fall, they look at the costs of all  those programs and start  cutting and trimming costs - without regard to the policies.

Yes, the government always manages to overspend. But there is a budget process. And the most common compromise is the very simple and predictable: Split the difference. In other words, the House and Senate meet halfway in the middle - without regard to the policy differences.

What's this got to do with Small Business? Unfortunately, A Lot!!!

Business owners are also tempted to use bifurcated thinking when they budget as well. But unlike Congress, you can't go over budget without feeling the pain - and you can go out of business.

The most common example of bifurcated thinking in small business involves saving money in the wrong way. I call this "Saving the wrong pennies." Here's a great example.

Last year, one of my clients bought a new laptop. They only needed it for a few simple tasks, so they bought a low-end $300 machine instead of the business class machine I recommended for $600. It looks like they saved $300, right? Wrong - by a long shot.

Super basic, low-end equipment almost never saves money. That extra $300 was saved somewhere by the manufacturer. As a result, setting up the machine to work on a network was slower. Since that's billable labor, the client paid more for the setup right off the bat.

Then they started using it and found that it is noticeably slower than other machines in the office. "That's okay," they said, "We just need it once in awhile for low-end needs."

But right away they were disappointed because the new laptop printed very slowly and the printouts were often grainy, especially with photos. That's because the machine has almost no video memory, and almost no processor cache. Those are "specs" that almost no one compares, and they are very important for good performance.

And you know what happened next. They hired a new employee and that laptop is now used as a desktop computer every day. It is super slow and doesn't do the most important thing a computer should do: Make the user more productive!

So the client asked if we can upgrade the graphics card. But of course they can't. On a nicer laptop they might be able to upgrade the graphics - but they wouldn't need to because it would already have a better graphics card.

Now that they feel the pain, they see that the laptop is really only good for a few tasks and they'll pay whatever it takes to get something that performs well. This reminds me of a twist on an old saying: "We don't have money to do it right, but we have plenty of money to do it over."

Bifurcation Warning: You can always make decisions on price alone, but don't be surprised if that becomes a powerful, expensive decision in the long run.

The solution to this is surprisingly simple: Find a technology consultant who will give you good, honest advice and help you with long-term planning. A good consultant will help you create some kind of technology budget instead of just reacting to situations as they arise. Very often, the answer will be to save money in the short run as well as the long run!

Ideally, you have an ongoing maintenance contract and hold quarterly "roadmap" meetings to discuss your technology needs going forward. Once your I.T. consultant knows about your plans for the months (and years) ahead, they can help you make wise long term decisions.

For example, I recently had a client with some minor but annoying problems on a desktop PC. Knowing that the machine was scheduled to be replaced in two months, I asked her how much time I should spend on it. This reminded her about our earlier "roadmap" discussions and she said to limit my time to one hour.

Your I.T. consultant should be a consultant. That is, they should give you good advice that serves you well in the long run.

Be of one mind. Stop the bifurcated thinking!