To adapt your business to the changing landscape, it’s now more important than ever to pay attention to what’s happening in your IT department. While many small- or medium-sized businesses (SMBs) can’t afford a full-time Chief Information Officer (CIO) position, they are realizing the value of having a budget-friendly virtual Chief Information Officer (vCIO) to provide guidance for how to proceed.

A vCIO can help you prioritize your IT budget and deep dive into which IT initiatives will most benefit your organization and keep you more secure. However, they shouldn’t be just offering technical advice without a plan. They should provide a roadmap to show you how to use IT to solve your business problems and meet your goals, communicating with you regularly about where you are along the path.

Since we have a few vCIOs of our own, we asked them to share a few examples of topics of concern that often arise during Strategic Review meetings with executives. Here is what they said..

“Secure Your Critical IT Systems”

Do you have a budget for paying ransoms? Most SMBs don’t. That’s why having a vCIO guiding your security needs is vital.

Statista reports that ransomware attacks have risen since 2018, with 68.5% of worldwide organizations being attacked in 2021.

This statistic means that you’re more likely to be targeted for ransomware in 2022 than not.

In fact, the U.S. Justice Department called 2021 the “worst year ever” for ransomware, with companies losing over $4 billion.

If you think that cyberattackers are only targeting large businesses, think again. Over half of the businesses asked to pay a ransom in 2020 were small businesses.

The average ransom that mid-sized companies paid was $170,404. However, the average total bill for everything involved in a ransom attack was $1.85 million, factoring in downtime, device and network costs, lost business opportunities, repair costs, and paying the ransom.

Some companies even paid the ransom and still lost their data.

As you can imagine, thousands of companies hit with ransomware end up going out of business every year.

If you don’t have a $1.85 million budget line item for a ransomware attack (most SMBs don’t), it’s a good idea to make space in your budget for a vCIO to help you patch up any holes in your security. I promise that a vCIO is far cheaper.

I’ve heard so many business executives say, “I think we’re good in our IT security.”

Thinking you have good IT security, and knowing, are two entirely different things.

I hope you wouldn’t say “I think I have enough money in the bank to cover our payroll checks.” You’d know that you have enough money in the bank. Otherwise, you’d face bank fees, angry employees, and even lawsuits.

Likewise, you must know that you have what you need to cover your cybersecurity needs for when (not if) you have an attempted cybersecurity breach.

Why gamble with your cybersecurity? It’s not very good odds.

Cyber attacks are growing more common and more expensive, and there are no signs of these attacks slowing down.

If you do everything right in your business and then lose it over a cyber attack, you’d wish you’d known rather than just thought you had robust-enough cybersecurity.

“Hire Experts Whenever Possible”

Hire a professional when you need a professional.

I’ve encountered so many small business owners that do their own IT or let one of their employees who “knows about computers” handle everything. This strategy may have worked in the past, but the business world and IT world are evolving. Are you evolving with them?

For many companies, keeping up with technology has become a do-or-die issue in the past few years. Change is a must.

Customers and clients have started expecting more virtual availability from businesses. Have you kept up with customer demand? Have you migrated to the cloud? Do you have a backup and disaster recovery plan?

I used to do a lot of my own car repairs to save money. But, cars have changed. I can’t just change a spark plug or replace a part and solve all my problems. Everything is computerized and requires special tools to even diagnose problems, especially with some fancy makes like Tesla. I even know old-school mechanics who now take their cars to the dealership for repairs.

Today, if you don’t hire a mechanic with the specialized equipment and training needed to work on newer vehicles, you can end up damaging your vehicle rather than repairing it.

With that type of risk, I always hire a certified mechanic to ensure my car will continue to perform correctly and reliably. Don’t you?

If you wouldn’t do your own car repair, why are you trying to do your own IT work?

“Ask for Progress Reporting”

Scheduling regular communication and progress reports are the keys to a successful long term vCIO partnership. Your vCIO should understand your business strategy and create a well-defined technology roadmap. However, if you’re not asking for regular progress reports, you can find that you’re in for budget surprises or projects that last longer than you expected.

A vCIO may be so focused on delivering services and improving performance statistics that they overlook their clients’ business strategies. That’s why it’s important for your vCIO to provide regular progress reports to show where you are on your technology roadmap.

Regular progress reports should:


Hiring a virtual CIO may be one of the best decisions you ever make. They have the expertise you need to keep your small or medium-sized business’s IT up-to-date in 2022.

An outsourced vCIO is also more affordable than hiring a new full-time employee because you don’t have to worry about paying benefits or other costs related to hiring someone to be onsite all the time.

StepUP IT has been finding customer-centric IT solutions for companies like yours since 2001. We support over 50 organizations throughout Oregon.

Our highly-experienced vCIOs will do an in-depth assessment of your current IT infrastructure to determine what your organization needs. Our vCIO focus areas include:


Book a call to find out how we can serve you today.