Cranston-header-logo
Request Pricing
Book a Meeting
Get Started

Support

(888) 813-5558

Sales

(888) 771-8085

February 2026

Cranston Chronicles Newsletter Image

Keep Your IT Budget Working During a Slowdown

When business slows down, it’s tempting to reduce IT spending. But that approach often backfires, creating bigger problems—and larger bills—down the road.

Beyond the productive work you accomplish on your Macs, your technology infrastructure enables you to communicate with clients, send invoices, manage schedules, and get paid. A downturn is precisely when you need those systems working reliably, not when you should neglect them.

The smart approach isn’t to stop spending on IT. It’s to protect the essentials while trimming optional expenses. Let’s look at what’s critical and what’s not.

The Hidden Costs of Cutting Back

When IT spending gets cut, three things typically go wrong:

  • Small problems become big problems: Deferring maintenance—putting off updates, delaying hardware replacements, and ignoring broken workflows—doesn’t save money, it just pushes the expense to a later date, when it will almost certainly cost more. Beyond the fact that prices only increase over time, emergency troubleshooting, rush purchases, and downtime during business hours always cost more than planned maintenance.
  • Security risks persist: Attackers don’t slow down just because revenues have. When budgets tighten, businesses often cut the very things that stave off disasters: software updates, security monitoring, and tested backups. One phishing attack that leads to wire fraud, one malware infection that steals passwords, or one unpatched vulnerability can wipe out years of “savings.”
  • Productivity losses add up quietly: When Wi-Fi is flaky, Macs are slow, and file sharing doesn’t work reliably, employees waste time waiting and working around problems. During a downturn, you typically have fewer people doing more work, which is the worst time to tolerate daily friction.

What to Protect First

Spending on some aspects of IT is more important than others. These are the services that keep your business running smoothly and help you recover when something goes wrong:

  • IT support and consulting: We’re biased, of course, but we’ve seen what happens when clients go out on their own and then come back. Proactive support catches issues early, keeps your systems running, and ensures you have someone to call who already knows your setup when things break.
  • Software subscriptions: Adobe Creative Cloud, Microsoft 365, accounting software, and similar subscriptions often seem cuttable. But letting subscriptions lapse means missing security updates and losing access to files in proprietary formats. It also means employees will spend time learning new tools rather than being productive with familiar ones. Before canceling, understand what you’ll lose.
  • Backup services: Cloud backup services like Backblaze or CrashPlan may seem unnecessary if you have local backups, but they protect against burglaries, fires, or burst pipes that can destroy local backups.
  • Networking equipment: Dodgy Wi-Fi access points and aging routers waste everyone’s time. If your team can’t reliably stay connected, nothing else matters. If you need to replace networking gear, choose quality products that will last for years.
  • Hardware replacement budget: It’s tempting to squeeze another year out of aging Macs, but don’t keep them going beyond the point where they stop receiving security updates. User productivity will also decline as older Macs slow down and experience more issues.

Where to Cut Without Breaking Things

Many businesses have unnecessary costs hiding in plain sight. Here’s where to look:

  • Unused software licenses: Audit what you’re paying for versus what employees actually use. Many companies have up to 30% of seats unused across various apps. Reclaim those seats, and establish a simple rule: every subscription needs an owner and a regular review.
  • Duplicate tools: It’s surprisingly common for businesses to pay for multiple apps that do the same thing—multiple chat platforms, overlapping backup utilities, and so on. Pick one and consolidate.
  • Vendor contracts up for renewal: Before agreements for Internet service, phone plans, hosting, or equipment leases auto-renew, check whether you still need the same service level. Many vendors will negotiate rather than lose a customer, and some plans can be downgraded to match actual usage.
  • Projects that don’t solve real problems: Pause any “nice to have” work that isn’t about reducing costs, lowering risk, or helping you serve customers better: things like migrating to a new CRM, redesigning a website that’s working fine, or building custom tools when off-the-shelf options exist. A downturn forces prioritization—use it.

The goal isn’t to spend more on IT—it’s to spend smarter. Protect the services that keep you running, cut the ones that don’t, and avoid creating tomorrow’s emergency by skipping today’s maintenance. If you’re unsure where to cut and where to hold the line, we’re happy to help you sort through the options. A short conversation now can prevent an expensive surprise later.

What Can You Do With the iPhone’s Action Button?  Nearly Anything!

Starting with the iPhone 15 Pro and Pro Max, Apple replaced the Ring/Silent switch on the top-left edge of the iPhone with the Action button, making the new button standard across the iPhone 16 and iPhone 17 lineups in subsequent years. The Action button is a dedicated hardware button you can configure to perform one of many different tasks. Although Apple prompts everyone setting up a new iPhone to configure the Action button, our experience is that many people haven’t integrated it into their everyday usage.

Taking advantage of the Action button isn’t hard, but there are obstacles. The Ring/Silent switch had only one function, whereas the Action button offers so many options that it’s easy to fall prey to decision paralysis. Also, because the Action button is configurable, it behaves differently even if you leave it set to Silent Mode. The Ring/Silent switch was a physical switch that also showed its state with an orange indicator. With the Action button, you can’t tell at a glance if Silent Mode is on, and activating it requires a relatively long press-and-hold. Finally, the Action button’s ultimate power lies in its Controls and Shortcuts options, but many users are unaware of the wide-ranging possibilities these unlock.

So let’s look at how to make the most of the Action button. To configure the Action button, go to Settings > Action Button and swipe through the choices. The choice on screen when you exit Settings will be active. Although there are no bad choices here, many of the options Apple provides can be activated just as easily through Control Center or Siri, so you might not want to dedicate the Action button to them.

  • Silent Mode: Toggle call and alert sounds on and off. This is the default setting, but unless you regularly need to toggle the ringer, it’s not worth dedicating the Action button to such a seldom-used option. You can toggle Silent Mode in Control Center just as easily.
  • Focus: Activate or switch Focus modes such as Do Not Disturb. We recommend using Focus sparingly because it can block desired notifications, but if you’re a fan, the Action button might be a good way to switch between them. Focus modes are also easy to select in Control Center and turn on with “Siri, turn on Do Not Disturb.”
  • Camera: Launch the Camera app. If your iPhone has the Camera Control (as do all Action button-equipped models except the iPhone 15 Pro/Pro Max and iPhone 16e), the Camera Control is the best way to open the Camera, but the Action button might still be helpful for opening the Camera app to a specific mode: Photo, Selfie, Video, Portrait, or Portrait Selfie.
  • Visual Intelligence: Launch Apple’s AI-powered object recognition feature. Again, pressing and holding the Camera Control (if available) is a better way to access Visual Intelligence.
  • Flashlight: Turn the flashlight on or off. This may be a good choice if you use the flashlight regularly, but if so, you’re probably already accustomed to tapping its icon on the iPhone’s Lock Screen. If your hands are too full, try “Siri, turn on the flashlight.”
  • Voice Memo: Start recording audio in the Voice Memos app. If you use Voice Memos heavily, you may like this use of the Action button. Alternatively, just say, “Siri, record a voice memo.”
  • Recognize Music: Use Shazam to identify music that’s playing nearby or on your iPhone. Another way to invoke Shazam quickly is to ask, “Siri, what’s playing?”
  • Translate: Starts listening to translate between the default languages you set up in the Translate app. This use of the Action button is a great shortcut if you’re traveling in another country and need quick translations, but most people don’t need it every day.
  • Magnifier: Launch the Magnifier app to make it easier to see tiny text and small objects. Those with low vision may particularly appreciate this use of the Action button, but the Magnifier app is also easily accessed from a Control Center button or by saying, “Siri, open Magnifier.”
  • Controls: Invoke any Control Center control. Here’s where things get interesting! Starting with iOS 18, iPhone apps can create controls in Control Center. With the Controls option, you can choose any available control, so you could have the Action button start a ChatGPT conversation, add a task to TickTick, create a new event in BusyCal, or myriad other options. We strongly encourage you to scroll through the available controls to see if any catch your interest.
  • Shortcut: Activate any custom Shortcut for personalized actions. The previous Controls choice is brilliant, but what if you want even more options? With Shortcuts, you can create custom actions that can even leverage multiple apps to do exactly what you want. For instance, you could create a shortcut that takes a photo of an expense receipt and sends it to a specific email address, all triggered by a long press on the Action button. The sky is the limit here.
  • Accessibility: Quick access to accessibility features like VoiceOver, Zoom, Speak Screen, Apple Watch Mirroring, Live Captions, Conversation Boost, and more. Don’t assume these options are only for people with disabilities; many have broader utility.
  • No Action: The final option is No Action, which is useful only if you accidentally press the Action button frequently and don’t want it to do anything.

So there you have it! If you’re not currently using the Action button, take a spin through the available options to see which can make a difference in your everyday iPhone experience.

Be Very Careful with AI Agents!

AI agents—software that can take actions on your behalf using artificial intelligence—are having a moment. The appeal is obvious: imagine a robot butler that triages your inbox, manages your calendar, and handles tedious tasks while you focus on more important work.

That’s the promise driving the recent surge in popularity of OpenClaw (formerly known as Clawdbot and Moltbot), which is now all the rage in tech circles. Token Security found that at least one person is using it at nearly a quarter of its enterprise customers, mostly running from personal accounts. That’s a shadow IT nightmare—employees connecting work email and Slack to an unsanctioned tool that IT doesn’t know about and can’t monitor. Whether you’re an individual tempted by OpenClaw’s promise or a manager wondering what your users are up to, you need to understand the risks these AI agents pose.

OpenClaw is an AI agent built around “skills”—installable plugins that let it integrate with your messaging apps, email, calendar, and more. You communicate with OpenClaw via Messages, Slack, WhatsApp, and similar apps. Because it’s open source, you’ll need to provide your own API keys for AI services like OpenAI or Anthropic, which means ongoing costs that can add up quickly—people have reported spending $10–$25 per day.

The more serious problem? Security researchers have discovered serious vulnerabilities, including misconfigured instances exposed to the internet that leak credentials, API keys, and private messages, and a supply chain vulnerability where malicious skills uploaded to the ClawdHub library can execute arbitrary commands on users’ systems. Even beyond specific bugs, OpenClaw’s fundamental design encourages users to grant broad access to sensitive accounts.

Why AI Agents Are Risky

Security concerns aren’t unique to OpenClaw—they apply to any AI agent that acts on a user’s behalf. Here’s what’s at stake:

  • Credential exposure: For an AI agent to send emails, manage your calendar, or post to Slack, it needs your authentication tokens or login credentials. If the agent software stores these credentials insecurely, or an attacker gains control, they could be exposed.
  • Prompt injection: AI agents work by following instructions, but they can’t easily distinguish between prompts and data in the content they use. A class of attacks called “prompt injections” trick AI systems by hiding malicious content in emails, websites, or documents that will be processed. An attacker could embed instructions in an email that would cause your agent to search for and forward email messages containing passwords or financial data, follow links to malware sites, or take other harmful actions. There is currently no foolproof defense against this class of attack.
  • Data exfiltration: An AI agent with access to your email and your computer’s filesystem could be manipulated to extract information from elsewhere on your computer—financial data, customer lists, or personal details—and send it to an attacker.
  • Unvetted extensions: OpenClaw and similar AI agents let users install “skills” or plugins to extend functionality. Libraries that allow users to share custom skills often have minimal or no security vetting, making it easy for attackers to submit poisoned skills. Installing such a skill could grant malicious code access to everything your agent can touch.
  • Exposed control interfaces: Security researchers found OpenClaw control servers exposed on the Internet, potentially leaking API keys, VPN credentials, and conversation histories. This risk is unique to OpenClaw at the moment, but future AI agents may suffer from similar vulnerabilities, particularly as they’re adopted by less technically savvy users.

How to Reduce Your Risk

We’ll come right out and say it: we strongly recommend against installing OpenClaw or other AI agents on your Mac. In a year or so, Apple may have updated Siri to provide many of these capabilities with significantly stronger privacy and security. But for now, just say no.

If you decide to use AI agents despite these risks, here are practical steps to protect yourself:

  • Use dedicated accounts: When possible, create separate accounts specifically for agent use rather than linking your primary personal or work accounts.
  • Limit permissions: Grant the agent access only to accounts it absolutely needs. If you only want help with your calendar, don’t also connect your email and messaging services.
  • Avoid connecting sensitive services: Never connect anything involving money, healthcare, or confidential business information. The liability is too high if something goes wrong.
  • Review agent actions: If the platform offers logs or activity feeds, check them regularly. Look for unexpected messages sent, files accessed, or connections made.
  • Vet extensions carefully: Don’t install skills or plugins from unknown sources, and even with known libraries, look for evidence of others using and reviewing the skills. Treat skills like any other software you’d install on your computer.
  • Keep software updated: Security patches for OpenClaw and similar tools address known vulnerabilities. If you’re running an agent, keep it up to date.
  • Run agents in isolated environments: Technical users should consider running agents in sandboxed environments or virtual machines to limit potential damage.

If you run a business, you should assume that some employees have already installed OpenClaw or will soon, and may have connected their work email and Slack accounts without realizing the associated risks. Here’s what you can do:

  • Educate before it’s a problem: Proactively explain the risks to employees. People are more receptive before they’ve already invested time setting something up.
  • Update acceptable use policies: Make clear that connecting work accounts to unsanctioned AI agents is prohibited, and explain why.
  • Offer sanctioned alternatives: If employees want AI assistance, point them toward safer options that don’t require handing over credentials to sensitive accounts.

What About Claude Cowork and OpenAI Codex?

Not all AI agent platforms carry the same level of risk. Anthropic’s Claude Cowork and OpenAI’s Codex take a different architectural approach from OpenClaw. Rather than requesting authentication tokens for your email, messaging, and other personal services, they operate within their own controlled, sandboxed environments. These systems work primarily with files, code, and data you explicitly place into their workspace, which substantially limits the fallout from an attacker gaining some level of control.

This containment approach reduces risk, but does not eliminate it. Prompt injection remains a concern whenever an AI system processes untrusted content, even inside a sandbox. An AI agent analyzing a malicious document could still be manipulated into taking unintended actions within its allowed environment. Similarly, any code generated by these systems—particularly code that touches the network or executes system commands—should be reviewed carefully to make sure it hasn’t been compromised by prompt injection.

The key distinction is scope. Claude Cowork and Codex are designed to operate within a defined workspace, whereas tools like OpenClaw require standing access to your most sensitive accounts. From a security perspective, a compromised sandbox is a recoverable incident; a compromised email or messaging account may not be.

The Bottom Line

AI agents promise a lot and may provide genuine convenience, but at a cost beyond just paying for API tokens. Before you or anyone in your organization connects an AI agent to sensitive accounts, consider: What’s the worst that could happen if this system were compromised by an attacker? If the answer involves passwords being stolen, private email being exposed, or photos being posted to social media without your knowledge, proceed with extreme caution. If you can imagine a way financial accounts could be accessed or business data stolen, don’t proceed at all.

Subscribe for Monthly Technology Insights from Cranston IT!

* indicates required
Get in touch with us today to learn more about our IT services!
See how we can help your business thrive!
Call us at 412-200-5656 or contact us online to schedule your consultation.
Let’s optimize your IT systems together!
Recent Articles
Cranston-footer-logo
Facebook-f Linkedin-in
Quick Links
Services
Contact Info
© 2026 Cranston IT. All Rights Reserved
Call Us
Get Started