Posts

Security Awareness

Should You Be Offering Security Awareness Training?

Nearly half of all office workers have had their data compromised at some point. And as if that wasn’t scary enough, the numbers only get more concerning from there. Following an incident, a whopping 35% of office workers don’t change their passwords—a measure that can go a long way to preventing future information theft. And while at work, 49% of respondents admit to clicking links that were sent to them by unknown senders – so should your service provider be offering security awareness training?

In this age of heightened awareness around cybersecurity, most employees have some appreciation for the risks this kind of behavior opens their companies up to. But data thieves and scammers can be incredibly cunning and deceptive—preying on workers’ information deficits and busy schedules to sneak in under the radar.

Employees and businesses need to master the basics of good cyber hygiene to keep sensitive data safe. Educating employees in the difference between a safe link and a link that’s part of a phishing scam can spare companies the time, money, and PR headache of being compromised.

Since every employee has a different level of knowledge and awareness when it comes to cybersecurity best practices, training can be an essential tool to bring everyone up to an acceptable baseline. And this isn’t just true for large organizations anymore. Nearly half of all cyberattacks today are targeted at small- and medium-sized businesses (SMBs)—and 60% of those targeted go out of business within six months of the attack. As a result, SMBs are increasingly looking for security awareness training programs to keep their employees, and their information, as safe as possible.

This presents an opportunity for MSPs to deliver even more value to their clients—and become trusted advisors in the process. And to help you make the most of this opportunity, our recent webinar, Why Security Training, Why Now, and What’s in It for Me?, covers the what, why, and how of offering cybersecurity awareness training—and doing it effectively.

Here are some of the key takeaways from the webinar to help you decide whether to offer this training to your customers.

Who Benefits From Security Awareness Training?

A properly managed security training program can be beneficial to everyone involved.

Increasingly, companies’ compliance obligations mandate that they participate in these programs—and allocate budget specifically to them. With an existing budget and a real need among customers, security awareness training represents a huge opportunity for MSPs—one that can yield significant returns.

The training can also be invaluable for the customers, saving them money and headaches in the long run. Even a tiny data breach can have wide-reaching implications, so every dollar spent on training can pay off in spades. Emphasizing the long-term benefits of security training will be an essential part of upselling existing customers and showcasing the value to prospects.

To get buy-in from individual employees, it’s also useful to point out that this training can benefit them in their personal lives—helping them keep hackers out of their bank accounts and far away from their families’ private information.

What Makes a Good Security Awareness Training Program?

The value of security awareness training programs is evident, but how can you get companies to choose your program?

The most important thing any MSP can do is make sure their program is effective. A robust program will cover everything from phishing awareness to social engineering to mobile device security. That being said, it’s important to start with the basics and build up to more complex security lessons. While some employees will come in with a thorough understanding of general best practices, others may be entirely new to the subject. Never assume that something is obvious. Besides, a little refresher course never hurt anybody.

Behavioral change takes time, so it’s also important for your program to follow a pace that refreshes participants’ memory over time without overwhelming them. Consider outlining clear participation guidelines from the start to help everyone involved understand what’s expected of them. For example, you might plan two phishing simulations per month and offer three cyber awareness courses per quarter. Knowing what’s coming, the training won’t feel like a burden to employees—it will just be another part of their week.

To help ensure the training sticks, tailor it to your audience, making it department-specific when appropriate. You can also be proactive and integrate security training into existing onboarding processes so that security is prioritized from the get-go. These steps, while seemingly small, can make security training more digestible to your audience—and make their data safer as a result. If you think you need software to help you manage and secure your data, then consider Couchbase.

So, Should You Offer Security Awareness Training?

There has never been a greater need for security training. With cyber threats growing increasingly deceptive and dangerous, the market for efficient, high-quality training is one that’s worth tapping into. While MSPs don’t specialize in education, this situation offers the potential for you to step in and be the hero—helping your clients protect themselves from malicious threats.


This article was provided by our service partner : connectwise

Endpoint Security

Why MSPs Should Expect No-Conflict Endpoint Security

“Antivirus programs use techniques to stop viruses that are very “virus-like” in and of themselves, and in most cases if you try to run two antivirus programs, or full endpoint security suites, each believes the other is malicious and they then engage in a battle to the death (of system usability, anyway).”

“…running 2 AV’s will most likely cause conflicts and slowness as they will scan each other’s malware signature database. So it’s not recommended.”

The above quotes come from top answers on a popular computer help site and community forum in response to a question about “Running Two AVs” simultaneously.

Seattle Times tech columnist Patrick Marshall has similarly warned his readers about the dangers of antivirus products conflicting on his own computers.

Historically, these comments were spot-on, 100% correct in describing how competing Endpoint Security solutions interacted on endpoints. Here’s why.

The (Traditional) Issues with Running Side-by-Side AV Programs

In pursuit of battling it out on your machine for security supremacy, AV solutions have traditionally had a tendency to cause serious performance issues.

This is because:

  • Each is convinced the other is an imposter. Antivirus programs tend to look a lot like viruses to other antivirus programs. The behaviors they engage in, like scanning files or scripts and exporting information about those data objects, can look a little shady to a program whose sole purpose is to be on the lookout for suspicious activity.
  • Each wants to be the anti-malware star. Ideally both AV programs installed on a machine would be up to the task of spotting a virus on a computer. And both would want to let the user know when they’d found something. So while AV number one may isolate a threat, you can bet AV number two will still want to alert the user to its presence. This can lead to an endlessly annoying cycle of warnings, all-clears, and further warnings.
  • Both are hungry for your computer’s limited resources. Traditional antivirus products store static lists of known threats on each user’s machine so they can be checked against new data. This, plus the memory used for storing the endpoint agent, CPU for scheduled scans, on-demand scans, and even resource use during idling can add up to big demand. Multiply it by two and devices quickly become sluggish.

Putting the Problem Into Context

Those of you reading this may be thinking, But is all of this really a problem? Who wants to run duplicate endpoint security products anyway?

Consider a scenario, one in which you’re unhappy with your current AV solution. Maybe the management overhead is unreasonable and it’s keeping you from core business responsibilities. Then what?

“Rip and replace”—a phrase guaranteed to make many an MSP shudder—comes to mind. It suggests long evenings of after-hours work removing endpoint protection from device after device, exposing each of the machines under your care to a precarious period of no protection. For MSPs managing hundreds or thousands of endpoints, even significant performance issues can seem not worth the trouble.

Hence we’ve arrived at the problem with conflicting AV software. They lock MSPs into a no-win quagmire of poor performance on the one hand, and a potentially dangerous rip-and-replace operation on the other.

But by designing a no-conflict agent, these growing pains can be eased almost completely. MSPs unhappy with the performance of their current AV can install its replacement during working hours without breaking a sweat. A cloud-based malware prevention architecture and “next-gen” approach to mitigating attacks allows everyone to benefit from the ability to change and upgrade their endpoint security with minimal effort.

Simply wait for your new endpoint agent to be installed, uninstall its predecessor, and still be home in time for dinner.

Stop Wishing and Expect No-Conflict Endpoint Protection

Any modern endpoint protection worth its salt or designed with the user in mind has two key qualities that address this problem:

  1. It won’t conflict with other AV programs and
  2. It installs fast and painlessly.

After all, this is 2019 (and over 30 years since antivirus was invented) so you should expect as much. Considering the plethora of (often so-called) next-gen endpoint solutions out there, there’s just no reason to get locked into a bad relationship you can’t easily replace if something better comes along.

So when evaluating a new cybersecurity tool, ask whether it’s no conflict and how quickly it installs. You’ll be glad you did.


This article was provided by our service partner : webroot.com

Security risk

Why You Shouldn’t Share Security Risk

There are some things in life that would be unfathomable to share. Your toothbrush, for example. We need to adopt the same clear distinction with cybersecurity risk ownership as we do with our toothbrush.

You value sharing as a good characteristic. However, even if you live with other people, everyone in your household still has their own toothbrush. It’s very clear which toothbrush is yours and which toothbrush is your partner’s/spouse’s or your children’s.

At some point in our lives, we were taught that toothbrushes should not be shared, and we pass that knowledge down to our children and dependents and make sure they also know. The same type of education about not sharing cybersecurity risks needs to happen. By not defining risk ownership, you’re sharing it with your customers.

Why Risk Should Never Be Shared

There should be no such thing as shared risk. It is very binary. Either the customer owns it, or you own it. Setting the correct expectation of an MSP’s cybersecurity and risk responsibility is critical to keeping a long-term business relationship.

When a breach occurs is not the time to be wondering which side is at fault. Notice I said ‘when’ not ‘if.’ Nearly 70% of SMBs have already experienced a cyberattack, with 58% of SMBs experiencing a cybersecurity attack within the past year—costing these companies an average of $400,000. The last thing you need is to be on the hook for a potentially business-crippling event. You need to limit your liability.

What Are Your Cybersecurity Risk Management Options?

1. Accept the Risk

When an organization accepts the risk, they have identified and logged the risk, but don’t take any action to remediate it. This is an appropriate action when the risk aligns with the organization’s risk tolerance, meaning they are willing to leave the risk unaddressed as a part of their normal business operations.

There is no set severity to the risk that an organization is willing to accept. Depending on the situation, organizations can accept risk that is low, moderate, or high.

When an organization decides to accept the risk, they have identified and logged the risk, but don’t take any action to remediate it. This is an appropriate action when the risk fits into the organization’s risk tolerance, and there is no set severity to the risk. Meaning, depending on the situation, an organization could be willing to accept low, moderate, or even high risk.

Here are two examples:

An organization has data centers located in the northeastern part of the United States and accepts the risk of earthquakes. They know that an earthquake is possible but decide not to put the money into addressing the risk due to the infrequency of earthquakes in that area.

On the other end of the risk spectrum, a federal agency might share classified information with first responders who don’t typically have access to that information to stop an impending attack.

Many factors go into an organization accepting risk, including the organization’s overall mission, business needs, and potential impact on individuals, other organizations, and the Nation.1

2. Transfer the Risk

Transferring risk means just that: an organization passing the identified risk onto another entity. This action is appropriate when the organization has both the desire and the means to transfer the risk. As an MSP, when you make a recommendation to a customer and they want you to do something, they’ve transferred the risk to you in exchange for payment for your products and services.

Transferring risk does not reduce the likelihood of an attack or incident occurring or the consequences associated with the risk.2

3. Mitigate the Risk

When mitigating risk, measures are put in place to address the risk. It’s appropriate when the risk cannot be accepted, avoided, or transferred. Mitigating risk depends on the risk management tier, the scope of the response, and the organization’s risk management strategy.

Organizations can approach risk mitigation in a variety of ways across three tiers:

  • Tier 1 can include common security controls
  • Tier 2 can introduce process re-engineering
  • Tier 3 can be a combination of new or enhanced management, operational, or technical safeguards

An organization could put this into practice by, for example, prohibiting the use or transport of mobile devices to certain parts of the world.3

4. Avoid the Risk (Not Recommended)

Risk avoidance is the opposite of risk acceptance because it’s an all-or-nothing kind of stance. For example, cutting down a tree limb hanging over your driveway, rather than waiting for it to fall, would be risk avoidance. You would be avoiding the risk of the tree limb falling on your car, your house, or on a passerby. Most insurance companies, in this example, would accept the risk and wait for the limb to fall, knowing that they can likely avoid incurring that cost. However, the point is that risk avoidance means taking steps so that the risk is completely addressed and cannot occur.

In business continuity and disaster recovery plans, risk avoidance is the action that avoids any exposure to the risk whatsoever. If you want to avoid data loss, you have a fully redundant data center in another geographical location that is completely capable of running your entire organization from that location. That would be complete avoidance of any local disaster such as an earthquake or hurricane.

While risk avoidance reduces the cost of downtime and recovery and may seem like a safer bet, it is usually the most expensive of all risk mitigation strategies. Not to mention it’s simply no longer feasible to rely on risk avoidance in today’s society with increasingly sophisticated cyberattacks.4

By using a risk assessment report to identify risk, you can establish a new baseline of the services you are and are not covering. This will put the responsibility onto your customers to either accept or refuse your recommendations to address the risk.

Summary

There are many different options when it comes to dealing with risks to your business. The important thing is to know what risks you have, how you are going to manage those risks, and who owns those risks. Candid discussions with your customers, once you know and understand the risks, are the only true way for each of you to know who owns the risks and what risk management option is going to be put in place for those risks. Don’t be afraid to have these conversations. In the long run, it will lead to outcomes which will be best for both you and your customers.


This article was provided by our service partner : Connectwise

Security risk

How MSPs Can Reduce Their Security Risk

While technology improves our lives in so many ways, it certainly isn’t free from drawbacks. And one of the biggest drawbacks is the risk of cyberattacks—a risk that’s escalating every day.

To reduce the increasing risk of cyberattacks—to your customers and your MSP business—it’s essential to put protocols in place to strengthen your internal security (we often refer to this as ‘getting your house in order’) and protect your clients. The truth is, your customers automatically assume that security is integrated into the price of their contract. That means you need to educate them on the subject, or risk falling short of their (potentially unrealistic) expectations.

What’s more, this is a prime opportunity to offer additional services—and increase revenue.

“You don’t want to deliver security services and not have the client invest in those services,” explains George Mach, Founder and CEO of Apex IT Group. “It would impact your MSP in a negative way.”

In our Path to Success Security Spotlight, I sat down with George Mach to discuss how you can define, identify, and reduce your level of risk, and boost revenue as a result. Here are just a few of our tips.

Understand Your Risk

The first step to reducing risk and providing Security-as-a-Service is understanding the current state of your MSP’s security.

“If you don’t know your own gaps or have good security hygiene in your own MSP, it’s really hard to deliver world-class security services to your client,” Mach says.

As an MSP, you have access to a wealth of sensitive information about your clients, including their passwords, addresses, and names. As such, it’s crucial that your MSP is fully protected. Even the smallest data breach could cause your clients to lose trust in you—damaging your reputation and costing you their business.

Trust, Train & Protect Your House

To protect your MSP (and by extension, your clients), Mach recommends following three simple steps.

First, make sure that you only hire trustworthy people. Of course, it isn’t always easy to spot a wolf in sheep’s clothing, but there are a few measures you can take to safeguard your organization against harmful presences. During the hiring process, this could include conducting a background check and verifying a candidate’s education and employment history. You can also consider creating new onboarding policies and asking employees to sign agreements that go on file, holding them accountable to specific standards.

Secondly, it’s important to train everyone at your organization about how to detect potential scammers—including staff in non-technical positions. As part of this training, you may also want to conduct a security skills assessment and record that it has taken place. That way, should the worst happen and a client decides to sue following a security breach, you can prove the measures your company took to try and prevent it—helping protect your reputation.

“The goal is to be in a defensible position if something were to happen,” Mach says.

Thirdly, it’s essential to enforce technical, physical, and administrative controls at your organization. Firewalls and endpoint protection are a must. Investing in swipe cards or biometric scanners can also help you strengthen your protection by helping you identify every person who enters your building. And to reduce your legal risk, don’t overlook the importance of nondisclosure agreements (NDAs) and business associate agreements (BAAs).

Follow the Framework

Once you’ve increased security at your MSP, you can start thinking about how to offer Security-as-a-Service. Following the protocols outlined in the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework is a good place to start. These protocols are: identify, protect, detect, respond, and recover.

By following these protocols, your company can turn secure protection into a competitive advantage. But that’s only possible if you communicate it properly to your clients.

Throughout conversations with your clients, it’s crucial to gain an understanding of their security priorities and the metrics they use to determine their success. Once you’ve identified these factors, you can establish risk thresholds that are closely aligned with your client’s risk tolerance.

Benchmarking your clients’ level of risk against industry standards and using a weighted scoring system to rank it from high to low can make it easier to communicate the value of your services to them—and the impact you’ll have on their business.

Measure Risk Reduction—Then Market It

You can use two approaches to measure risk reduction.

The quantitative approach, which is more technical, considers a server’s asset value, its exposure factor (which takes into account how often the server is left unattended and whether that server is in a protected environment), and the loss expectancy, which is related to the rate of occurrence of various risks. Taking all these factors into account, you can more accurately price your services—and your clients can make a more informed decision about whether to live with the risk or do something to mitigate it.
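The quantitative inputs named above, worked through a small risk register. This is an added example, not code from the article or the webinar; it assumes the standard textbook formulas (single loss expectancy = asset value × exposure factor, annualized loss expectancy = SLE × annual rate of occurrence), which the article does not spell out, and every asset name and dollar figure is a constructed sample.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    """One row of a risk register. All figures used below are constructed samples."""
    name: str
    asset_value: float      # AV: value of the server or asset, in dollars
    exposure_factor: float  # EF: fraction of AV lost in a single incident (0..1)
    aro: float              # ARO: expected number of incidents per year
    ef_after: float         # EF once the proposed countermeasure is in place
    aro_after: float        # ARO once the proposed countermeasure is in place
    control_cost: float     # annual price of the countermeasure, in dollars

    def __post_init__(self):
        # Reject inputs that would silently produce a meaningless loss figure.
        for label in ("exposure_factor", "ef_after"):
            if not 0.0 <= getattr(self, label) <= 1.0:
                raise ValueError(f"{self.name}: {label} must be between 0 and 1")
        for label in ("asset_value", "aro", "aro_after", "control_cost"):
            if getattr(self, label) < 0:
                raise ValueError(f"{self.name}: {label} cannot be negative")


def ale(asset_value, exposure_factor, aro):
    """Annualized loss expectancy: (AV * EF) per incident, times incidents per year."""
    single_loss_expectancy = asset_value * exposure_factor
    return single_loss_expectancy * aro


def assess(risk):
    """Compare yearly expected loss with and without the countermeasure."""
    before = ale(risk.asset_value, risk.exposure_factor, risk.aro)
    after = ale(risk.asset_value, risk.ef_after, risk.aro_after)
    # Net benefit: loss avoided per year minus what the control costs per year.
    net = before - after - risk.control_cost
    return {
        "name": risk.name,
        "ale_before": before,
        "ale_after": after,
        "net_benefit": net,
        "decision": "mitigate" if net > 0 else "live with the risk",
    }


def rank(register):
    """Assess every risk and order the results from highest to lowest current ALE."""
    rows = (assess(r) for r in register)
    return sorted(rows, key=lambda row: row["ale_before"], reverse=True)


# Constructed sample register: name, AV, EF, ARO, EF after, ARO after, control cost.
REGISTER = [
    Risk("file server", 48_000, 0.5, 0.5, 0.25, 0.25, 4_000),
    Risk("lobby kiosk PC", 2_000, 0.5, 0.25, 0.5, 0.125, 600),
    Risk("mail server", 80_000, 0.25, 1.0, 0.25, 0.25, 4_000),
]

if __name__ == "__main__":
    for row in rank(REGISTER):
        print(f"{row['name']:<16} ALE ${row['ale_before']:>9,.0f} -> "
              f"${row['ale_after']:>8,.0f}  net ${row['net_benefit']:>9,.0f}  "
              f"{row['decision']}")
```

The kiosk row shows the case where the countermeasure costs more per year than the loss it prevents, which is the "live with the risk" decision the paragraph refers to.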

The qualitative approach is less complex. It uses available data to calculate the likelihood of a risk. You can then suggest countermeasures to ensure protection.

Whichever approach you choose, explaining your findings and suggested solutions in layman’s terms and backing up your claims with evidence helps to build trust with your clients.

It’s this trust that will persuade clients to invest in your security service—and remain satisfied customers for years to come.


This article was provided by our service partner : Connectwise

managed services

Managed Services 101: Where MSPs Are Now, and Where They’re Going

Managed services are becoming an increasingly integral part of the business IT ecosystem. With technology advancing at a rapid pace, many companies find it cheaper and more effective to outsource some or all of their IT processes and functions to an expert provider, known as a managed service provider (MSP).

Unlike traditional on-demand IT outsourcing, MSPs proactively support a company’s IT needs. And with the IT demands of businesses becoming ever more complex, reliance on MSPs is likely to increase exponentially over the next few years.

What Is a Managed Service Provider?

An MSP manages a company’s IT infrastructure on a subscription-based model. MSPs offer continual support that can include the setup, installation, and configuration of a company’s IT assets.

Managed services can supplement a company’s internal IT department and provide services that may not be available in-house. And since the MSP is continuously supporting the company’s IT infrastructure and systems, rather than simply stepping in from time to time to put out a fire, these services can provide a level of peace of mind that other models just can’t match.

What’s the Difference Between Managed Services and the Break/Fix Model?

Unlike on-demand outsourced IT services, managed services play an ongoing and harmonious role in the running of an organization.

Due to the rapidly changing nature of the digital landscape, it’s no longer sustainable to fix problems after the damage is done. Yet the break/fix model, in software development companies like Software Development UK, is still a common way of dealing with IT-related problems. It’s like waiting to repair a minor leak until after the pipe has burst.

On-demand providers are usually brought in to perform a specific service (like fixing a broken server), and they bill the customer for the time and materials it takes to provide that service. MSPs, on the other hand, charge a recurring fee to provide an ongoing service. This service is defined in the service-level agreement (SLA), a contract drawn up between the MSP and the customer that defines both the type and standards of services the MSP will be expected to provide. This monthly recurring revenue (MRR) can provide a lucrative and reliable revenue stream.

What Services Can an MSP Provide?

MSPs provide systems management solutions, centrally managing a company’s IT assets. This encompasses everything from software support and maintenance to cloud computing and data storage. These solutions can be especially valuable for small- and medium-sized businesses (SMBs) that may not have robust internal IT departments, especially when it comes to hard-to-find skills.

Network Monitoring and Maintenance

From slow loading times to outages, inefficient and faulty systems can cost companies a fortune in lost productivity. MSPs reduce the likelihood of such delays by keeping an eye on the network for slow or failing elements. By using a remote monitoring and management (RMM) tool, the MSP will automatically be notified the moment an issue arises, allowing them to identify and fix the problem as quickly as possible. That means shorter downtime, so the customer’s tech—and the business needs it supports—can get up and running again in no time.

Software Support and Maintenance

MSPs provide software support and maintenance to ensure the smooth running of all business applications that a customer needs on a daily basis. This includes ensuring that the programs used to maintain the network are fully functional. Overall, the goal is to provide an uninterrupted experience so that work can carry on as normal.

Data Backup and Recovery

Data loss can be catastrophic, so companies need to have a system in place to back it up and recover it, should the worst happen. MSPs can handle the backup process, protecting companies against both accidental deletion and file corruption, or more malicious intent (like cyberattacks). They can also support a company’s overall disaster recovery plan, ensuring the business can always recover its data in the event of an emergency.

Data Storage

MSPs can also help their clients optimally store their data. While hard data storage was once standard, new forms of remote data storage are growing in popularity, including cloud computing. MSPs can enable seamless data migration if the client decides to switch storage options.

Cloud Computing

Cloud computing encompasses more than just remote data storage options. Various IT applications and resources can be accessed via online cloud service platforms, with providers charging a pay-as-you-go fee for access. Whether the client relies on a public, private, or hybrid cloud platform, MSPs can help them navigate the cloud successfully, streamlining their workflows, storing data successfully, and more.

Challenges Facing MSPs

While there are numerous benefits to the managed services model, including the recurring revenue and the ability to build long-lasting relationships with clients, this model isn’t without its challenges.

Shifts in Sales and Marketing

Until recently, many MSPs have grown organically through referrals and word of mouth. But increasingly, companies are seeing the value of the ‘master MSP’ model, which offers valuable infrastructure to other MSPs in areas where their own expertise may be lacking. As a result, we see a trend toward inorganic growth.

In this market, MSPs can stand out from the crowd by investing their efforts in product management. Prioritizing the needs of the customer is a simple way to create value around your services. This goes beyond the basic standards outlined in the service level agreement—it’s about showing you go above and beyond.

Keeping Existing Customers

With new differentiators emerging, MSPs have to adjust their approach to keep customers happy.

One way they can set themselves apart is by having business conversations very early on in the relationship. By gaining a clear understanding of the outcomes the client wants to achieve and working with them to come to an agreement surrounding expectations, MSPs can establish themselves as a partner rather than simply a provider. This will allow you to adjust your approach to match their needs—like driving for profit rather than acting as a cost center.

Best-in-class MSPs also rarely find themselves arguing with customers over whether something is covered. That’s because they’re fully aligned on what the MSP is responsible for. Whatever the SLA covers, it’s the MSP’s job to ensure their client understands. This requires regular conversations to confirm everyone is on the same page and satisfied. Documenting these conversations also allows MSPs to streamline any disagreements by showing what has been discussed and agreed upon. The goal is to become a trusted advisor that they turn to for guidance.

A next-level approach to proactivity is also a plus. This includes setting up alerts to rapidly identify issues and putting new measures in place to ensure mistakes don’t repeat themselves.

Transitioning toward a more risk-based approach, bolstered by a security-first mindset, will go a long way, opening doors for both more recurring and non-recurring revenue streams as clients seek out your consultation. The best MSPs are experts at assessing their customers’ environment and developing a tailored plan that covers governance, compliance, and ongoing risk management. What’s more, they adjust their approach regularly to reflect the ever-changing security needs of their clients—offering more opportunities to showcase their value and up their revenue stream.

The Impact of Cloud Computing

While MSP revenue is rising, profit margins are actually shrinking. Part of the problem is the fact that MSPs are expanding their portfolio of services, yet still relying on their former pricing structures. But many MSPs are making the problem worse by choosing the wrong cloud service vendor to partner with, which can significantly impact an MSP’s already-shrinking profit margins.

Some cloud service vendors are simply not priced to support an MSP. And with the pace at which cloud technology is evolving, a process that was cutting-edge when an MSP implemented it could become inefficient within a period of weeks. It’s vital that MSPs be open to change if a vendor becomes unsustainable, lest they risk their own services becoming unsustainable as a result.

You should also be ready to address any cloud-related questions and concerns that clients raise. Cloud technology is still relatively new, and it can be confusing, so overcoming any uncertainties will play a key role in an MSP’s ability to act as a valuable advisor to its clients.

How MSPs Use Software

Just as they bring value to their customers by streamlining workflows and protecting networks, MSPs need internal frameworks that increase efficiency.

Professional services automation (PSA) tools allow MSPs to streamline and automate repetitive administrative tasks. This saves time and cuts costs, all while enabling greater scalability.

MSPs can also utilize remote monitoring and management (RMM) tools. These automate the patching process and allow you to reduce time spent on resolving tickets, essentially doing more with less. Not only does this enable a more proactive approach, but it puts time back into the support team’s day to focus on other things.

Needless to say, MSPs should be easily accessible to their clients via technology. Remote desktop support makes that possible. With remote control over a client’s systems, MSPs can rapidly solve issues from wherever they are—without interfering with the end user’s access. This reduces customer downtime, allowing repairs and IT support to happen quietly in the background.

What the Future Holds for MSPs

The role of MSPs is changing. Keeping an eye on these emerging trends can help you anticipate shifting client expectations—and stay ahead of the curve.

Arguably the largest area of opportunity for MSPs is cybersecurity—and that service is only going to grow more valuable. Even as awareness increases and regulations tighten around data privacy laws, the number and complexity of cyberattacks continue to rise. Between 2017 and 2018, the annual cost of combating cybercrime rose by 12%—from $11.7 million to a record high of $13 million—so establishing yourself as a cybersecurity expert now will put you in good stead for the future.

The Internet of Things (IoT) is also going to have a major impact on MSPs. Keeping up with the sheer volume of devices being used on a day-to-day basis requires a dynamic approach to systems management. This includes being proactive about establishing best practices and security guidelines around new technology, such as the use of voice assistants.

Business intelligence offerings are also likely to grow in demand. With the use of IT in business at an all-time high, the amount of data being generated is enormous. But data is only numbers without someone to effectively consolidate and analyze it to extract actionable insights. Providing easy access to reports and KPIs that clearly demonstrate areas for improvement will allow MSPs to not only stay relevant in this data-driven market but become leaders in their field.


This article was provided by our service partner : connectwise.com

Why Simplified Security Awareness Training Matters for MSPs and SMBs

In a recent report by the firm 451 Research, 62 percent of SMBs reported having a security awareness training program in place for their employees, with half being “homegrown” training courses. The report also found that most complained their programs were difficult to implement, track, and manage.

Like those weights in the garage you’ve been meaning to lift or the foreign language textbook you’ve been meaning to study, even our most well-intentioned efforts flounder if we’re not willing to put to use the tools that can help us achieve our goals.

So it goes with cybersecurity training. If it’s cumbersome to deploy and manage, or isn’t able to clearly display its benefits, it will be cast aside like so many barbells and Spanish-language dictionaries. But unfortunately, until now, centralized management and streamlined workflows across client sites have eluded the security awareness training industry.

The Importance of Effective Security Awareness Training

The effectiveness of end user cybersecurity training in preventing data breaches and downtime has been demonstrated repeatedly. Webroot’s own research found security awareness training cut clicks on phishing links by 70 percent, when delivered with regularity. And according to the 2018 Data Breach Investigation Report by Verizon, 93 percent of all breaches were the result of social engineering attacks like phishing.

With the average cost of a breach at around $3.62 million, low-overhead and effective solutions should be in high demand. But while 76 percent of MSPs reported using some type of security awareness tool, many still rely on in-house solutions that are siloed from the rest of their cybersecurity monitoring and reporting.

“MSPs should consider security awareness training from vendors with cybersecurity focus and expertise, and who have deep visibility and insights into the changing threat landscape,” says 451 Research Senior Analyst Aaron Sherrill.

“Ideally, training should be integrated into the overall security services delivery platform to provide a unified and cohesive approach for greater efficacy.”

Simple Security Training is Effective Security Training

Security awareness training that integrates with other cybersecurity solutions—like DNS and endpoint protection—is a good first step in making sure the material isn’t brushed aside like other implements of our best intentions.

Global management of security awareness training—the ability to initiate, monitor, and report on the effectiveness of these programs from a single pane of glass across all of your customers—is the next.

When MSPs can, say, roll out a simulated phishing campaign or training course to one, many, or all client sites across the globe with only a few clicks, they save both time and money in management overhead and are more likely to offer it as a service to their clients. Everyone wins.

With a console that delivers intuitive monitoring of click-through rates for phishing campaigns or completion rates for courses like compliance training, across all client sites, management is simplified. And easily exportable phishing and campaign reports help drive home a client’s progress.

“Automation and orchestration are the force multipliers MSPs need to keep up with today’s threats and provide the best service possible to their clients,” says Webroot SVP of Product Strategy and Technology Alliances Chad Bacher.

So as a growing number of MSPs begin to offer security awareness training as a part of their bundled services, and more small and medium-sized businesses are convinced of its necessity, choosing a product that’s easy to implement and manage becomes key.

Otherwise, the tool that could save a business from a breach becomes just another cob-webbed weight bench waiting for its day.


This article was provided by our service partner : webroot.com

CyberSecurity

A Cybersecurity Checklist for Modern SMBs

The landscape of digital security is rapidly shifting, and even the largest tech giants are scrambling to keep up with new data regulations and cybersecurity threats. Small to medium-sized businesses (SMBs) are often left out of these important conversations, leaving themselves — and their users — vulnerable. In an effort to combat this trend, Webroot conducted a survey of more than 500 SMB IT leaders in the UK, revealing common blind spots in SMB cybersecurity practices. As businesses around the globe grapple with similar change, our Size Does Matter: Small Businesses and Cybersecurity report offers insight and guidance for companies regardless of geography. 

The biggest takeaway? We turned to Webroot’s Senior Director of Product Strategy Paul Barnes for his thoughts.

“The damage from data loss or downtime often means substantial financial and reputational losses, sometimes even leading to a business no longer being viable. A key learning for all small businesses should be to stop hiding behind your size. Instead, become educated in the risks and make your security posture a differentiator and business driver.”

When you’re putting together a cybersecurity checklist, you’ll need to do one thing first: check your preconceived notions about SMB cybersecurity at the door. Your business is not too small to be targeted. The data you collect is both valuable and likely vulnerable, and a costly data breach could shutter your business. More than 70% of cyberattacks target small businesses, with 60% of those going out of business within six months following their breach. With both the threat of hackers and the looming possibility of increased GDPR-style data regulatory fines, your small business cannot afford to be underprepared.

The first step to a fully realized cybersecurity program? An unflinching look at your company’s resources and risk factors.

“Understand what you have, from a technology and people perspective, and the risks associated with loss of data or operations, whether through externally initiated attacks or inside threats,” advised Barnes. “This will allow you to plan and prioritise next steps for protecting your business from attack.”

For established SMBs, this type of internal review may seem overwhelming; with so many employees already wearing so many hats, who should champion this type of effort? Any small business that is preparing to modernize its cybersecurity protocols should consider bringing in a managed service provider (MSP) to do an internal audit of its systems and to report on the company’s weaknesses and strengths. This audit should serve as the backbone of your cybersecurity reform efforts and — depending on the MSP — may even give you a security certificate that can be used for marketing purposes to differentiate your brand from competitors.

With a strong understanding of your company’s strengths and weaknesses, you can begin to implement an actionable cybersecurity checklist that will scale as you grow, keeping your business ahead of the data security curve. Each SMB’s checklist will be unique, but these best practices will be integrated into any successful cybersecurity strategy.

Continuous Education on the Latest Threats

A majority of small to medium-sized businesses rely on software systems that are constantly evolving, closing old security gaps while potentially opening new ones. With a tech landscape in constant flux, one-off security training will never be enough to truly protect your business. Comprehensive employee training that evolves alongside cybersecurity threats and data privacy regulations is your company’s first line of cybersecurity defense. Include phishing prevention practices in these trainings as well. Although seemingly old hat, phishing attacks are also evolving and remain one of the largest causes of data breaches globally. Continuous training of employees helps build a culture of security where they feel part of the team and its success.

Regular Risk Assessment and Security Audits

Just as one-off training is not sufficient in keeping your staff informed, a one-off audit does nothing to continuously protect your company as it grows. Depending on your industry, these audits should take place at least annually, and are the best way to detect a security flaw before it is exploited. Factors such as the sensitivity of the data your business houses, and the likely impacts of a successful breach—your risk profile—should guide decisions regarding the frequency of these security audits.

Disaster Response Plan

Having a prepared disaster response plan is the most effective way to mitigate your losses during a data security breach. Backup and recovery tactics are critical components of this plan. It should also include a list of security consultants to contact in order to repair the breach, as well as a communications plan that notifies customers, staff, and the public in accordance with data protection regulations. An MSP can work with your company to provide a disaster response plan that is customized to your business’ specific needs.

Bring Your Own Device

Never scrimp on mobile security. Many companies now tolerate some degree of bring-your-own-device (BYOD) policy, giving employees increased convenience and employer accessibility. But convenience is a compromise and, whether it be from everyday theft or a malicious app, mobile devices are a weak point in many companies’ security. Including mobile security guidelines like automatic device lock requirements, strong password guidelines, and failsafe remote wipe access in your BYOD policies will save your company money, time, and heartache.

Layer Your Security

Finally, ensure your business has multiple layers of defense in place. Accounting for endpoint devices is no less critical than it’s always been, but businesses are increasingly learning that networks and users need protection, too. DNS-layer security can keep employees from inviting risky sites onto your network, and security awareness training will help your users recognize signs of an attack. No one solution is a panacea, but tiered defenses make a business more resilient against cybercrime.

Survey says: We don’t have time for this

One of the largest impediments to SMBs adopting these modern cybersecurity protocols is the perceived time cost, with two-fifths of IT leaders surveyed by Webroot stating they simply do not have the time or resources to fully understand cybersecurity threats. The uncomfortable truth is that, if you can’t find the time to protect your data, a hacker who does have the time is likely to find and exploit your security gaps. But there is a silver lining: the smaller size of an SMB actually allows for a certain level of agility and adaptiveness when implementing cybersecurity policies that is inaccessible to tech giants.

“SMBs can no longer consider themselves too small to be targets. They need to use their nimble size to their advantage by quickly identifying risks and educating employees on risk mitigation, because people will always be the first line of defense,” said Barnes.

You’ll find additional benefits beyond the base-level protection a comprehensive cybersecurity plan provides. As 33% of SMBs surveyed by Webroot say they prefer not to think about cybersecurity at all, demonstrating that your company is ahead of the problem can be a powerful way to distinguish your business from its competitors. With consumer data privacy concerns at an all-time high, a modern cybersecurity checklist may be one of the best marketing tools available. The best way to stay ahead of cybersecurity threats is to stay informed. Read the entire Size Does Matter: Small Businesses and Cybersecurity report for an in-depth look at how your SMB contemporaries are handling data protection, and stay up-to-date with Webroot for additional cybersecurity reports and resources.


This article was provided by our service partner : webroot.com

remote access

Remote Access: What You Should Know

In the prehistoric age of computers, when they took up entire rooms in tall buildings, remote support was just a twinkle in the eyes of early engineers. Fast-forward several decades to the 1980s and the advent of the World Wide Web and voila! Remotely servicing machines was no longer a wishful thought, but an actual possibility.

Today, with billions of smart devices around the globe to support, managed service providers (MSPs) have come to rely on remote access tools to troubleshoot technology issues wherever the end user is in the world.

As remote access solutions become more sophisticated, there are fewer reasons to send technicians on site to support devices. This not only adds to an MSP’s bottom line, it also makes technicians and engineers more effective at their jobs.

What is Remote Access?

In its simplest form, remote access is a process where a technician is able to access a machine (it could be a computer, smart phone, or a server) from another location.

Can you think of an industry that doesn’t use smart devices (computers, phones, tablets, etc.)? Somewhere in the company’s infrastructure, there’s a machine – and those machines can malfunction. As glamorous as it would be to fly all over the globe to fix computers and phones in exotic locations, it’s not exactly cost-effective to send techs to troubleshoot issues in person. So, when tech issues arise, it’s remote access to the rescue!

So, what’s the difference between remote access and remote support? Some in the IT community use those terms interchangeably. When you think about it, they’re not wrong. For the purposes of this article, the difference is this:

Remote access is the process where a technician remotely supports machines, mobile devices, servers, and systems that are unattended by the end-user.

Remote support is the same process essentially, with one key difference: the technician is assisting a person on the other end of the session while they address tech issues with the person’s device.

Choosing the Best Remote Access Software for Business

There are dozens of solutions on the market, ranging as broadly in complexity and capability as they do in price. Some cater to home users and others to enterprises. Some split up the remote access and support functionality into different tools. Others are all-inclusive (meaning one software offers the option to both support end users AND access unattended machines).

Narrowing the options down to the right one for your business can be tricky. It might even be tempting to opt for the cheapest one and hope for the best. But not all remote access solutions are created equal. Here’s what you should consider.

Security

Security is at the top of the feature list. Remote access without proper security exposes business data to cybercriminals. When data breaches happen, MSPs lose not only credibility, but money. MSPs can incur fines associated with data breaches, not to mention lost revenue due to poor reputation, lost clients, and remediation.

Look for a comprehensive security feature set that includes:

  • Role-based permissions
  • Password management
  • SSL
  • Alerts
  • Multiple authentication methods

MSPs that support industries like healthcare may be required to have specific security measures in place to comply with legal and ethical guidelines like PCI DSS and HIPAA. If these apply to you, make sure your choices include additional security features like:

  • On-premises options
  • Video auditing and recording

Reliable Connectivity

Another ding on an MSP’s credibility is slow, unreliable connectivity. Shaky remote access tools are bad for technician morale and can also leave your customers with a bad impression of your IT services. A worthwhile remote access tool should let a technician connect to the device in seconds, temporarily install software for non-managed machines or break/fix scenarios, and include options to install permanent agents as needed.

Cross-Platform Compatibility & Mobile Support

Companies that MSPs support will usually rely on an array of devices – both mobile and stationary – to run their day to day business functions. The thing is, many of these devices run off of different platforms, tasking MSPs with supporting Microsoft® Windows, Mac, Linux, Android, and Chrome. Likewise, it’s important for technicians to be able to access machines while they’re away from their desktops.

Integrations

Disparate systems are no good – that’s not a new idea. So, it’s crucial that the solution you choose integrates with the other systems you use (ticketing, billing, and business management). Otherwise, you could be creating more problems than you’re solving. When you’re researching remote access tools, ask yourself these questions:

  • Does this integrate with the solutions I already use?
  • Does this offer extensions and apps for enhanced capabilities?
  • How often are new solutions added to the integration roster?

Online Collaboration

A strong tech support team relies on collaboration to get the job done quickly and accurately. If your remote support solution doesn’t also offer remote meeting capabilities, you’re missing out on an easy way to promote team collaboration, and to share information quickly with your customers through screen-sharing and simple document sharing.

The right remote access solution allows your techs to help each other or request help easily, and gives them the capability to chat with end users, share screens with customers, and set up meetings to help explain issues quickly and directly.

Customization

White labeling is key for brand recognition and building trust. Remember that remote access can be daunting for end users. The more your customers see your MSP’s logo, colors, and messaging, the easier it’ll be to build your brand equity.

Beyond logos, colors, and custom URLs, consider which customizations would most benefit your team. The best remote access software will offer an array of editable settings, languages, designs, and workflows.

Setup & Implementation

Something to find out about before choosing a remote access tool is how much time and education is required before you’re up and running with your new solution. With some solutions, it’s a very simple process that involves installing an access point onto the machine(s) or “endpoint” you want to support. Be careful to consider things like compatibility – if your endpoints run on Windows OS, for instance, you should check to make sure the remote access tool supports it.

The Future of Remote Access

Cloud information management has drastically changed how companies share resources. The cloud has made it possible for even the smallest companies to distribute information and resources around the world, making it crucial for MSPs to be able to administer cloud management and monitoring.

An MSP’s systems need to be able to weather the storm of a constantly changing industry. A robust remote access solution—allowing you to work in multiple environments and continue to support new tools—is key to building a successful business. Evaluate your selections for remote access tools by considering which solutions offer the development support you’ll need for scalability.

A Remote Access Solution that Checks All the Boxes

Every MSP and help desk needs a reliable and secure remote access tool that scales as the workforce needs change.


This article was provided by our service partner : connectwise.com

How RMM Solves Break/Fix Problems

Despite the rise of managed service providers (MSPs), many IT companies still operate on a break/fix model. But the proactive managed services model is far easier and more cost-effective—and helps you provide a much stronger level of service to your clients. If you’re still providing services on a break/fix basis, a remote monitoring and management (RMM) tool can help you make the transition to managed services.

Not sure of the benefits an RMM tool offers? Here are a few.

Cash Flow

In a break/fix model, clients only pay for your services when they need something fixed. As a result, cash flow is inconsistent and unpredictable. By contrast, MSPs charge a uniform monthly fee in exchange for constant, proactive monitoring of a client’s systems. RMM tools proactively monitor a client’s devices and networks, allowing you to charge a monthly fee for your always-on service.

Complex IT Issues

In a break/fix model, you don’t hear about an IT issue until it’s grown large enough for a client to notice. This usually means the problem has become widespread and complicated—whereas a problem in the early stages can be simpler and quicker to resolve. RMM software can detect IT issues before the client notices them, enabling you to fix them proactively before they cause widespread problems.

Wasted Time

Time spent traveling to and from client sites can represent a large part of a break/fix technician’s day—and eats up resources that could be better spent elsewhere. It also takes additional time to analyze a client’s devices and gather basic information about the infrastructure and issue. Every second spent traveling or collecting background information hinders your company’s growth by reducing productivity. But with RMM, you can gather information automatically and solve issues remotely, reducing costs and making every second count.

Client Mistrust

If you operate on a break/fix model, you may fix a client’s issue only to have them call you the next day with the same issue or a related one. The more problems a client experiences, the less they’ll trust you. If you’ve supposedly already fixed the issue, they’ll wonder, why does it keep happening? That’s a problem you can avoid with the help of an RMM tool. Constant monitoring means you’ll always know what’s going on, and if you discover a potential issue, you can fix it quickly. Give the client a well-performing infrastructure, and you’ll deepen their trust in your services.

Limited Manpower

Break/fix models can keep your technicians constantly busy as they dash off to fix one client issue after another. If they’re overworked, they may miss incoming work. An RMM tool automates tasks to ease up the strain on your team and help them handle clients more efficiently.

Outdated Systems

Outdated systems can be a strain on break/fix companies. If a client experiences problems with outdated software or devices, they may budget for upgrades rather than for the IT services you provide—costing you potential business. RMM keeps your clients’ systems up to date with the latest tools and software.

Negative Associations

The break/fix business model may cultivate an unhealthy relationship between providers and clients. You make money only when your client’s system is failing. This creates a negative association in your client’s mind, and they may put off calling you until it’s absolutely necessary. At that point, of course, the problem is much more difficult to resolve. With RMM, you keep everything running as it should, building satisfaction rather than resentment.

Loss of Business

If you don’t offer managed services, someone else will—and it’s only a matter of time before your client finds them. Transitioning to an MSP with the help of an RMM tool means better service for your clients and more business for you.

By adding an RMM tool to your solution toolkit, you’ll be able to proactively detect problems before your client notices, allowing you to offer a better quality of service. In addition, your staff will experience an increase in productivity that will help your company’s bottom line.


This article was provided by our service partner : connectwise.com

Managed Security Services

Managed Security Services—the Opportunity, the Risk, and the Challenge

Worldwide, SMBs are projected to grow their spending on remote managed security to an estimated $21.2 billion by 2021, making it the highest growth area in the managed services market. Yet many IT service providers are shying away from this services goldmine because they don’t possess the people, process, or technology to address increasingly sophisticated cyberattacks. Ironically, your customers believe you are handling ‘all things’ security related, which begs the question: is there a way to have a common language to communicate and mitigate the ambiguity of ‘who owns the risk?’

Why does your customer feel you are responsible for ‘all things’ security related? Have you ever said any of the following things to a prospect and/or customer? “We are your outsourced IT department. We reduce your risk and exposure. Our Virtual CIO (vCIO) meets with you quarterly to ensure your business and technology requirements are in alignment. You pay one monthly fee that is outcome driven. We do it all!” For more than ten years, our industry has preached managed services at every industry event and customer/prospect engagement. Our industry has prophesied managed services and therefore conditioned our customers that ‘we do it all!’

With today’s attacks becoming more sophisticated, securing ourselves and our customers through a tools-based model (endpoint and firewall protection, email security/backup, and DNS) is no longer enough. Some managed service providers (MSPs) have started to add phishing services with security awareness training, which is an excellent step in meeting compliance for security awareness training.

To recalibrate our customer’s mindset, we need to be able to speak a common language about how the threat landscape has changed and how what has worked for years won’t work in the future. A cybersecurity risk assessment is necessary to identify the gaps in your customer’s critical security controls and to determine actions to close those gaps. Learning how to perform a risk assessment, and more importantly, the art of having the conversation about ‘who owns the risk,’ are the critical next steps an MSP should be taking with their customers if they are not today. Vulnerability scanning and continuous monitoring would be critical next steps, post risk assessment.


This article was provided by our service partner : connectwise.com