Our vCIO Best Tips for SMBs in 2022

To adapt your business to the changing landscape, it’s now more important than ever to pay attention to what’s happening in your IT department. While many small- or medium-sized businesses (SMBs) can’t afford a full-time Chief Information Officer (CIO) position, they are realizing the value of having a budget-friendly virtual Chief Information Officer (vCIO) to provide guidance for how to proceed. 

A vCIO can help you prioritize your IT budget and deep dive into which IT initiatives will most benefit your organization and keep you more secure. However, they shouldn’t be just offering technical advice without a plan. They should provide a roadmap to show you how to use IT to solve your business problems and meet your goals, communicating with you regularly about where you are along the path. 

Since we have a few vCIOs of our own, we asked them to share a few examples of topics of concern that often arise during Strategic Review meetings with executives. Here is what they said..

“Secure Your Critical IT Systems”

Do you have a budget for paying ransoms? Most SMBs don’t. That’s why having a vCIO guiding your security needs is vital. 

Statista reports that ransomware attacks have risen since 2018, with 68.5% of worldwide organizations being attacked in 2021. 

This statistic means that you’re more likely to be targeted for ransomware in 2022 than not.  

In fact, the U.S. Justice Department called 2021 the “worst year ever” for ransomware, with companies losing over $4 billion. 

If you think that cyberattackers are only targeting large businesses, think again. Over half of the businesses asked to pay a ransom in 2020 were small businesses.

The average ransom that mid-sized companies paid was $170,404. However, the average total bill for everything involved in a ransom attack was $1.85 million, factoring in downtime, device and network costs, lost business opportunities, repair costs, and paying the ransom. 

Some companies even paid the ransom and still lost their data.

As you can imagine, thousands of companies hit with ransomware end up going out of business every year.

If you don’t have a $1.85 million budget line item for a ransomware attack (most SMBs don’t), it’s a good idea to make space in your budget for a vCIO to help you patch up any holes in your security. I promise that a vCIO is far cheaper. 

I’ve heard so many business executives say, “I think we’re good in our IT security.” 

Thinking you have good IT security, and knowing, are two entirely different things. 

I hope you wouldn’t say “I think I have enough money in the bank to cover our payroll checks.” You’d know that you have enough money in the bank. Otherwise, you’d face bank fees, angry employees, and even lawsuits.

Likewise, you must know that you have what you need to cover your cybersecurity needs for when (not if) you have an attempted cybersecurity breach. 

Why gamble with your cybersecurity? It’s not very good odds. 

Cyber attacks are growing more common and more expensive, and there are no signs of these attacks slowing down.

If you do everything right in your business and then lose it over a cyber attack, you’d wish you’d known rather than just thought you had robust-enough cybersecurity. 

“Hire Experts Whenever Possible”

Hire a professional when you need a professional. 

I’ve encountered so many small business owners that do their own IT or let one of their employees who “knows about computers” handle everything. This strategy may have worked in the past, but the business world and IT world are evolving. Are you evolving with them? 

For many companies, keeping up with technology has become a do-or-die issue in the past few years. Change is a must.

Customers and clients have started expecting more virtual availability from businesses. Have you kept up with customer demand? Have you migrated to the cloud? Do you have a backup and disaster recovery plan?  

I used to do a lot of my own car repairs to save money. But, cars have changed. I can’t just change a spark plug or replace a part and solve all my problems. Everything is computerized and requires special tools to even diagnose problems, especially with some fancy makes like Tesla. I even know old-school mechanics who now take their cars to the dealership for repairs.

Today, if you don’t hire a mechanic with the specialized equipment and training needed to work on newer vehicles, you can end up damaging your vehicle rather than repairing it. 

With that type of risk, I always hire a certified mechanic to ensure my car will continue to perform correctly and reliably. Don’t you?

If you wouldn’t do your own car repair, why are you trying to do your own IT work?

“Ask for Progress Reporting”

Scheduling regular communication and progress reports are the keys to a successful long term vCIO partnership. Your vCIO should understand your business strategy and create a well-defined technology roadmap. However, if you’re not asking for regular progress reports, you can find that you’re in for budget surprises or projects that last longer than you expected.

A vCIO may be so focused on delivering services and improving performance statistics that they overlook their clients’ business strategies. That’s why it’s important for your vCIO to provide regular progress reports to show where you are on your technology roadmap.

Regular progress reports should:

  • Provide analysis of technology gaps: Progress reports can help you see the big picture and help you understand which areas of your IT are underperforming. They can uncover gaps in infrastructure, processes, security, and company policies.
  • Provide clarity on IT project priority: Progress reports can help you understand how soon hardware needs replacing and how urgent an IT project is for your business health.
  • Eliminate surprise costs: Having a clear picture of your IT needs can help eliminate surprise IT budgetary issues. When you see what your future needs will be in IT, you can adjust your short-term and long-term budget accordingly.
  • Help you make informed decisions: Progress reports are able to help you see what challenges you face so that you can make informed decisions about the next steps you should take or any goal changes you need to make.


Hiring a virtual CIO may be one of the best decisions you ever make. They have the expertise you need to keep your small or medium-sized business’s IT up-to-date in 2022. 

An outsourced vCIO is also more affordable than hiring a new full-time employee because you don’t have to worry about paying benefits or other costs related to hiring someone to be onsite all the time. 

StepUP IT has been finding customer-centric IT solutions for companies like yours since 2001. We support over 50 organizations throughout Oregon. 

Our highly-experienced vCIOs will do an in-depth assessment of your current IT infrastructure to determine what your organization needs. Our vCIO focus areas include:

  • Technology roadmapping
  • IT strategy and planning
  • Aligning IT with business goals
  • IT budgeting

Book a call to find out how we can serve you today.

blog technology expert IT generalist or specialist

What Matters More When It Comes to IT? A Generalist or a Specialist?

An IT generalist is a jack-of-all-trades. They’re by your side every day to manage your help desk, support your staff’s IT needs, deliver service and maintenance, and be network administrators who ensure everything is working as intended. On the other hand, an IT specialist works on more complex technology issues, such as projects and escalations. IT specialists also often take on the role of solutions architects.

Read More »
blog traditional it services vs managed it services

How is an MSP Different from a Traditional IT Services Company?

Getting your outsourced IT services from an IT Services company seems like an obvious choice. You have someone you can call when things go sideways to help you get your technology back up and running. An MSP, or managed service provider, is a type of outsourced IT, but not all outsourced IT companies are MSPs. We’re going to break down the differences even further.

Read More »
blog recession-proof your business

Business Must-Haves: How to Survive & Thrive in a Tough Economy

Between inflation, supply chain interruptions, and the looming possibility of yet another recession, it can be difficult for business leaders to chart the best course of action to keep themselves not just solvent, but thriving and growing in the face of such economic uncertainty. One way that businesses can make themselves more recession-proof is by having a solid IT structure in place, including software, hardware, security, data storage, and IT experts, to help everything run efficiently and effectively

Read More »
Strategic Planning

A vCIO is Worth Their Weight in Gold

Many businesses are turning to outside IT professionals to help them optimize their operations and keep their technology running smoothly and efficiently through strategic planning. A vCIO, or virtual Chief Information Officer, can be the key to streamlining IT functionality for your business.

Read More »

Since 2001, StepUP IT Services has been helping businesses in Eugene and throughout Oregon with their technology needs. We are your IT partner. We manage and maintain your technology, empowering your organization to reach its goals. Making you happy is what makes us happy.

228 Grimes St. Eugene, OR 97402

Proud member of the

Business Hours: Monday – Friday 7am-5pm PST

Contact us by phone at (541) 683-5000 for afterhours support.

Office closed for New Year’s, Memorial Day, Independence Day, Labor day, Thanksgiving, and Christmas

© 2021-2023 All rights reserved