We asked the community of technology and business experts from Channel Futures’ MSP 501 for their best IT advice. Check out their answers here to learn what they feel is the most important information for SMBs to know about their business technology.
USE THE BEST SECURITY, SYSTEMS, AND SUPPORT YOU CAN
- Spending now on security and backups can save spending a lot more in the future. “A penny of prevention can save a pound of cure.”
- NEVER trust a firewall in an ISP’s modem to protect your business.
- Apple devices need anti-virus and anti-malware protection.
- End-user computer security training, such as social engineering, recognizing phishing and spam attacks, and physical security is enormously valuable.
Wayne Freeman, Chief Operating Officer
- Ensure the IT solutions that you are implementing into your business are ones you enjoy using and solutions you want your ideal/future employees to leverage. Versus a solution that is simply being implemented for the sake of progression.
- What is your calculated loss for downtime? Multiple ranges should be calculated. 1, 6, and 12 hours. 1 and 2 days. Similar to an insurance deductible this will allow you to calculate the ROI on infrastructure safeguards…regardless of what an outside sales team may say. This allows you to gain perspective on what you can realistically afford to spend.
- Let your IT partner know your business plan and goals. Where do you want to be in 1, 2, 5 years? Hardware/software longevity, scaling, and future employee/resource management from your MSP are among the most apparent benefits. An MSP contract is a long term relationship, we succeed when you do.
Andrew McGillivray, Technical Account Manager
In recent years businesses, in general, are becoming more tech-savvy. Sometimes this leads them to conclude that they can handle supporting their IT on their own and someone in their organization adds IT to their role (CFO, COO, Office Manager, etc).
They spend their time researching how to fix issues and have varying degrees of success but it is time-consuming. They don’t see a bill for their time spent away from their primary role but there is a cost. The cost comes in the form of not being able to focus on their primary role. Spending more to fix problems that are caused than trying to fix the original problem in the first place.
Russ Altman, Director of Business Development
- Know your Support Team! TWT Technicians love to get to know their clients and customers. If you get the chance, say hi to your technician : )
- Be patient with your technicians as they work through your issues. Sometimes a technician needs a little more information on an issue, and we even need to dig into an issue occasionally as well. We will always work to get you up and running as quickly as possible, but sometimes we just need a bit of time to get the whole picture to get you back on your way
- Don’t be afraid to ask your technician questions! We will take any opportunity we can to educate our customers, and if there is ever anything you aren’t sure of, ask!
David Collins, Support Desk Analyst
Cheap hardware is never cheap in the long run, talk to your provider and make sure what you are getting meets your needs now and down the road. The time spent on users with slow systems and incompatibilities in the future doesn’t make up for the low low price tag!
Julian Gelfand, Support Desk Manager
- Never trust an unsolicited email. If you don’t recognize the sender, you’re better off deleting it than opening it, especially when it comes with an attachment. Ransomware payloads are often delivered via an attachment that claims to be an invoice.
- Microsoft neither knows nor cares whether your computer has a virus and will never, EVER call you to fix it.
- Understand what Phishing, Whaling, Harpooning, and Spearphishing attacks actually mean and how to recognize them. It’s easy enough to impersonate a user’s email address in order to request a monetary disbursement. Have a process in place designed around a response to disbursement requests.
- Talk to us about MFA, or Multi-Factor Authentication. Additional steps around secure logins can prevent unauthorized access to your systems.
- Use very strong, long passwords and understand why we recommend it. Even better is to use a phrase as your password or a random password generator app/vault such as LastPass.
Gerald Lochli, Support Desk Analyst
When you hire TWT as your Managed IT provider, you can focus on your core strengths and your business. You can build the team you need knowing they have access to the wisdom and technology they need to help your business succeed.
Technology is a necessary part of every business. And it’s got to work so your team can work. But there’s no need to stress about it. Just leave it to us.
PREVENT RANSOMWARE THREATS
You have seen more than a few headlines lately about public ransomware attacks. In one week of August alone over twenty-two Texas municipalities had their networks held hostage with a $2.5 million ransom.
All organizations are vulnerable to these cyberattacks. The number one vulnerability? People.
What can businesses do to prevent having to pay a ransom?
Here are three cybersecurity plans to implement now to avert having to pay a ransom:
- Enable security best practices – Enforce password policies and two-factor authentication. Limit or deny RDP access. Keep systems, software, and Windows up to date. Implement multiple layers of security (ie web filtering, DNS filtering, anti-virus with EDR, UTM firewalls, SPAM filtering). This is a lot of tech jargon that weighs so much in the operations of a business when facing protection.
- Cybersecurity education and training – A ransomware prevention program teaches users of company email or hardware about the dangers of social engineering and phishing and explains good security practices about email attachments (and wire transfers). Continual education and training are vital to keep your business safe.
- Total data protection – Backups backups backups. Implement an all-encompassing backup and disaster recovery solution- not an online backup (i.e. Google Drive) or not a copy of the files. Then IF you fall victim to ransomware, you can simply ‘turn back the clock’ to a snapshot before the attack happened. Often times if one is at ransom- the cyber attacker may not even return access to their information even if the ransom was paid.
Since 2010, we’ve been providing fast and friendly IT support to businesses, manufacturers, churches, schools, municipalities, and organizations across Chicagoland. We’ve grown throughout the years because we provide fast and friendly IT support that answers the phones.
MEASURE AND MITIGATE CYBER RISK
As technology continues to evolve, cyber risk continues to evolve in both breadth and complexity. Cyber risk affects businesses of any size and requires attention by both executive leaders and other senior staff.
To combat the mounting threats against businesses, CEOs need not only to remain vigilant and knowledgeable of what’s out there but also implement cyber-security best practices in order to stay safe and out of harm’s way.
The breadth and scope of “best practices” is more extensive than this article allows for but one thing to keep in mind is that your process must be measurable and meaningful in order for it to be effective. “You can’t move what you don’t measure.”
An example of a meaningful metric is measuring the amount of time it takes for your company to identify, respond to, and fix a pivotal vulnerability in your structure. By reducing the number of hours (or for some companies, days,) in which the process takes, you can effectively mitigate risk across your whole enterprise. An example of an ineffective metric would be to measure how many alerts your CEO receives in regard to potential vulnerabilities. Such information is useless in terms of relevancy and application to this particular instance.
Also, if you didn’t notice, (or have been living under a rock for the past 20 years) all companies are digitized. All information–files, plans, etc–are kept within the confines of a digital storage unit (usually the cloud). So, in essence, what this means for you is that protecting and securing this information is perhaps the most important thing your business will ever do.
RCS Professional Services is a full-service IT Managed Service Provider offering IT solutions, products, and services to small and medium-sized businesses in the New York Tri-state and Atlanta, Georgia areas.
RCS proactively develops and maintains the individualized IT infrastructure that its client companies need to both sustain their businesses — and grow.
YOU ARE NEVER “TOO SMALL TO BE A TARGET”
Security is by far the biggest concern we see from our clients and prospective partners. There are perceptions that “we’re too small to be a target” and I can tell you as a seasoned IT professional of over 30 years, the size of your company, and what you do don’t matter one bit in whether or not you’re a target.
Operate under the assumption that ALL businesses in the US are a target now. If hackers are able to disrupt your business and force you to pay a ransom to recover, they have won. So it’s not even about stealing your data as much as it is bringing your business to a halt, and forcing you into a position of paying a ransom to get back to work.
Some common-sense tips:
- Use Two Factor Authentication wherever possible, including with your email service.
- Work with a professional organization to help manage your security. Your CFO, Operations Manager, Family Member, or even the President is not an expert and you can no longer afford to cut corners in this area.
- Make sure you have a solid business continuity solution in place that is monitored, tested and air-gapped. You are only as secure as your last good system backup. Also, make sure there are onsite and offsite recovery points to mitigate damage.
For almost 20 years, the team at WEBIT have been busy behind the scenes perfecting our one-of-a-kind processes and best practices. We’ve then combined these with our world-class service and years of expertise to build a solid foundation on which we are able to deliver very real IT solutions to your organization’s problems. Our people are the best at what they do, our processes are unrivaled and our passion for technology is bordering on obsession. In a good way!
IDENTIFY, PROTECT, AND DETECT AGAINST SECURITY THREATS
The first step, according to the NIST Framework, is to Identify, which includes listing all the assets you have, your business environment, any compliance requirements, and your risk.
Without identifying your needs, the next step of Protecting and Detecting threats to your business will not be accurate. You may spend too much trying to protect things that are not important, or totally miss some huge areas of risk to your business. Are you getting home insurance that does not include flood damage when you live in a flood plain, or are you getting flood insurance when you live at a high altitude with no chance of ever flooding?
Your IT systems today are much more complicated and vulnerable than most SMB’s realize. The firewall may be in place, and the back door locked, but you have no idea if the bad actor is constantly pounding on the door looking for a loose hinge or out-of-date firmware. In the world of the internet, there are so many vulnerabilities with a starting list of PCs, servers, firewalls, switches, IoT devices, Office 365, LOB applications, and of course users!
Managing the risk and implementing the correct Protect and Detect solutions is more vital today than ever. Your IT support firm must understand these concepts and work with you on an ongoing basis to keep your business secure and working smoothly.
Established in 1995, Business System Solutions is a complete technology solution provider. We are 100% committed to making sure business owners have the most reliable and professional IT service in Lafayette, West Lafayette, Kokomo, Logansport, and surrounding communities. Our team of talented IT professionals can solve your IT nightmares once and for all.