Posts

Custom Software Development: Care & Feeding Tips

custom software development maintenance

Custom Software Development – Post Implementation Tips

Custom software applications help businesses get the exact functionality they need. When you’re the only business that does what you do, custom software is a way to add speed and enforce structure, while retaining your unique business processes.

Software Development Tools

Over the last 20 years, our software development team has developed, modified and maintained tons of custom applications. In our early years, we used Microsoft Access for many of the applications we developed.  In fact, we still do quite a bit of Access maintenance work. However, for new software projects, we’ve primarily switched to using rapid software development tools like Django and Python with PostgreSQL or Microsoft SQL Server.

If you’re the business owner or department head, you probably don’t care that much about the software development tools themselves. Your focus (rightly so) is on getting the right solution that fits your needs and is easy to maintain.

What often gets overlooked is the plan for routine custom software maintenance.

Maintaining Custom Software

Like ALL software, custom software needs to be regularly updated and maintained. Unlike off-the-shelf software, the maintenance schedule is primarily driven by you. Certain events may trigger an update:

  • Release of new operating system environments (like Windows 10)
  • Loss of a key software developer
  • Upgrade of a connected software application
  • Change in business processes and procedures

But some clients like to play the “How long can we hold out from upgrading?” game.

Is this you?

  • You have an older computer or server entirely dedicated to running this one application.
  • There’s only one person who is allowed to touch the programming code for fear the entire system will crash.
  • Your business can’t upgrade its systems or business processes because you don’t know how it will impact your custom software.

Outdated Custom Software Creates Risk

You may think you’re stretching your IT budget, but that’s not always true. Delaying custom software updates can add unnecessary risk and cost.

  • Clients who maintain their software regularly typically don’t have to start from scratch every few years.
  • As technology advances – and your custom software doesn’t – your company may be missing out on features that increase efficiency, security and profitability.
  • You may be “forced” to upgrade or replace your software at a time that’s inconvenient.
  • You risk having no one left who is willing or able to support your application.

Make Updates Part of Your Custom Software Development Plan

If you decide to build custom software, budget a certain amount of money to keep your software up-to-date and backed up. You may not know which operating system or database updates will require a patch to your software, but you can expect to do some software maintenance on a regular basis.

Backup and Recovery for Custom Software

Companies that use custom software need to have backup and recovery processes for both the production system and the software source code. The production system, which is the executable version of the software in use in your office, should be backed up regularly with the rest of your company files and databases.

You should also consider how and where the source code is backed up. Without the source code, you won’t be able to make changes to the software program itself. You and your software development company should discuss how many versions of the source code to keep, and the frequency and location of the source code backups. You should be able to access this code in the event something happens to your software development team.

Finally, insist on keeping a change log of updates to the software. If you ever need to bring in a different software development team, this documentation can help them get up to speed quickly.

Need Help?

The custom software development team here at Eclipse Consulting has built mobile apps, custom apps, integrations, and customizations using a wide variety of software development tools. We can help you build from scratch or update the solution you have in place today. See the questions you need to evaluate small business IT consulting services.

Give us a call at 586.263.1775 or click below to see how we can help.

Request a Tech Check

Data Breach Protection Essentials

How to Prevent a Small Business Data Breach

How can you protect your company from a data breach?

Recent Data Breaches

Seems like every time you turn around, you’re hit with news of another major data breach. Just in the last few months:

Ransomware Attacks

We’ve also seen the rise of the threat of ransomware. Ransomware is malware that encrypts your files, making them unusable. You may see an image like the one below

Ransomware Example

data breach via ransomware

In a ransomware attack, the perpetrators promise to unlock your files if you pay the ransom. If you don’t have a reliable, recent backup, you may have no choice but to pay the ransom because everything in your system is unusable – including email, Word docs and databases.

The City of Atlanta recently experienced a ransomware attack where the than attacker demanded a $50,000 ransom. So far it’s cost the city $2.7 Million Dollars and major headaches to restore their system and tighten up their data security settings. Employees have resorted to paper-based applications and manual processes to keep operations running.

You may be thinking…

If these major companies can’t protect themselves from data breaches, how can small businesses expect to?

If you’re a small business, you have a few advantages over major corporations. First, small businesses are less of a target. Hackers go after big businesses because the payoff is big. Additionally, small businesses typically have more control over their IT environment. You actually have an advantage in protecting your data if you follow a few basic data security steps.

What is a data breach?

A data breach occurs when an unauthorized person gains access to your data.  The question is how they were able to access to the data.

The most common data breach causes are:

1.      Malware in email.

A user could click on a link in an email that causes malware to be installed on their computer.  This malware could then allow the attacker access to the computer, which then replicates itself to computers, servers and may even send emails to all the contacts in your contact list (including clients). This malware can slow down system performance, crash your system or display annoying popup ads. See 13 warning signs that your systems have been infected by malware.

Solution: Hover over any link and inspect where that link is going to. When in doubt, go to the company website and login there. For example, if you get an email from PayPal saying you need to update your password, instead of clicking the link in the email “PayPal” sent you, just go to the PayPal website and see if they’re prompting you for a password reset.

Also, be careful about opening any attachments. Computer viruses can be disguised as .PDFs, .XLS and other familiar formats. Have a reputable anti-virus software program installed on all machines at all times. Keep your anti-virus software up-to-date and regularly scan your computer.

2.      Email phishing tricks.

We recently had a user who was tricked into entering their email credentials into a fake web site.  The attacker was then able to login into this mail account.  They would have had access to any email in her mailbox (financials, emailed passwords, etc.).  In this case the attacker used the credentials to send spam from her account, probably trying to infect other systems.

Last year, even a White House officials were tricked into responding to a fake email that purported to be from Jared Kushner, but in reality was sent by an email prankster.

Solution: Adopt Office 365 or G Suite for your business. These solutions come with added security measures that consumer email systems don’t provide. Don’t EVER provide confidential information through email.

3.      Insecure websites.

Attackers can also gain access to servers through insecure web sites.  Once they have access to the website, they can then access any database on the server and the content in the databases.  This could be anything from e-commerce orders to financial or medical information. As an example, Drupal recently released a patch for a major security hole that allowed a virus to execute simply by browsing to a URL. Because WordPress runs about 25% of all websites today, it’s a big target for hackers.  The database, themes and plugins are continually being updated with added security measures. If you don’t apply the patches, you leave yourself vulnerable.

Solution: Companies who have had a web site developed, but don’t maintain it are putting themselves at risk. Website data security best practices create rigor around keeping your database, themes and plugins up-to-date. You’ll also want to ‘harden’ your website security settings and have a strong firewall in place.

4.       Password sharing / password weaknesses.

The easiest way to gain access to your small business software programs is to give someone your password. You may be sharing your password intentionally. Some companies share one password among employees to save money or for convenience. Other times password sharing may happen unintentionally. We’ve seen passwords written on post-it notes stuck to laptops. Now everyone who passes by while you’re working in the coffee shop can get into your systems.

Solution: Don’t share your password. Give each employee and contractor their own passwords. Have strong employee onboarding and offboarding procedures in place. Use a password software program like LastPass or Dashlane to create more sophisticated, and unique passwords for every site.

What about SaaS Software Solutions?

A question we commonly receive from clients is about online data security and the risks of SaaS (Software as a service) solutions. For example, with QuickBooks Online your financial data now resides on a server managed and maintained by QuickBooks. While that may feel risky, studies show that your data is usually significantly MORE secure when managed by a major online software company than when it resides on your own internal server.

Major software vendors like Microsoft and QuickBooks have invested in building sophisticated, multi-layer security systems.  They do all the backups and keep the system up to date. DIY IT Services can be a mistake, costing you more in the long run than you’re saving. If you are considering using a smaller, lesser-known company, you should investigate their data security measures. If you’re not sure what to buy, consult a reputable IT services provider for help in software selection.

What about Cloud Business Application Hosting?

A trend in small business IT strategy is to move your databases and applications from your physical location in your office to a cloud hosting platform like Amazon Web Services (AWS) or Azure. The security measures you need to take are the same, EXCEPT with AWS and Azure, you have the advantage of using their multi-layered security measures, and you’re at less risk for things like fires, flooding, hurricanes and other disasters.

Most data breaches are preventable.

Following these simple steps you can avoid most data security breaches.

Small Business Data Breach Security Steps

1.       Train employees to be wary of suspicious emails and websites.

2.       Don’t share passwords.

3.       Change your passwords frequently and make them hard to guess.

4.       Keep your software programs up to date.

5.       Keep your website up to date.

6.       Routinely use anti-virus software, firewalls and other data security measures.

7.       If you don’t have IT staff, hire an outsourced IT services company to keep your IT environment secure.

8.       Have backup and recovery procedures in place. If you need to restore your data, you can.

What if you get infected by a computer virus, ransomware or other malware?

Act IMMEDIATELY.

The quicker you can respond, the more likely it is that you’ll be able to thwart your attacker. Your employees should know who to go to in the event of a data breach. Seek the help of IT Support for malware removal, and just as importantly, close the security holes that caused the data breach in the first place.

If you need help, give us a call at 586-275-1775!

Request a Tech Check

Portfolio Items