Posts

Asset Management

Don’t Ignore Security Activity That Could Help the Most

We tend to think of security as the tools—like email scanning, malware, and antivirus protection—we have in place to secure our network. But did you know that the process of asset management helps you minimize the threat landscape too?

Management of software and hardware has historically been treated as a cost-minimizing function, where tracking assets could be the difference between driving or reducing value, from an organizational perspective. However, even the best security plan is only as strong as its weakest link. If IT administrators are unaware where assets reside, the software running on them, and who has access, they are at risk.

Understanding the device, as well as the data, is what matters here. Having an in-depth knowledge of the network of devices and their data is the first step in protecting it. Often, organizations have the tools in place to support and maintain the device, but once in place on the network, it can be easy to set it and forget it until it need repair, replacement, or up for review. Conducting asset management on a regular basis should be a fundamental function for your security plan and can strengthen the security tools you already have in place. Remember, asset management has to be continuous for it to be truly effective.

When you’re conducting continuous asset management you can always answer the following questions should an incident occur:

  • What devices are currently connected to the internet?
  • How many total systems do you have?
  • Where is your data?
  • How many vendors do you have?
  • Which vendors have what kind of your data?

Companies struggle with consistent and mature asset management because they often don’t have the time or dedicated resources to stay on top of it. However, an IT asset management program can add value by reducing costs, improving operational efficiency, determining full cost, and providing a forecast for future investments. Oversight and governance help to solidify policies and procedures already in place.

ConnectWise Automate® complements and strengthens security tools and processes by significantly improving the ability to discover, inventory, manage, and report. Additional tool sets–like antivirus and malware protection—can be added to help further protect data and reduce operational risk.

recent study of the Total Economic Impact of ConnectWise showed, “Organizations estimated that they could shorten engineers’ involvement by 60%, thus cutting the cost of hardware maintenance by $1.2 million.”


This article was provided by our service partner : Connectwise.

Considerations in a multi-cloud world

With the infrastructure world in constant flux, more and more businesses are adopting a multi-cloud deployment model. The challenges from this are becoming more complex and, in some cases, cumbersome. Consider the impact on the data alone. 10 years ago, all anyone worried about was if the SAN would stay up, and if it didn’t, would their data be protected. Fast forward to today, even a small business can have data scattered across the globe. Maybe they have a few vSphere hosts in an HQ, with branch offices using workloads running in the cloud or Software as a Service-based applications. Maybe backups are stored in an object storage repository (somewhere — but only one guy knows where). This is happening in the smallest of businesses, so as a business grows and scales, the challenges become even more complex.

Potential pitfalls

Now this blog is not about how Veeam manages data in a multi-cloud world, it’s more about how to understand the challenges and the potential pitfalls. Take a look at the diagram below:

cloud services

Veeam supports a number of public clouds and different platforms. This is a typical scenario in a modern business. Picture the scene: workloads are running on top of a hypervisor like VMware vSphere or Nutanix, with some services running in AWS. The company is leveraging Microsoft Office 365 for its email services (people rarely build Exchange environments anymore) with Active Directory extended into Azure. Throw in some SAP or Oracle workloads, and your data management solution has just gone from “I back up my SAN every night to tape” to “where is my data now, and how do I restore it in the event of a failure?” If worrying about business continuity didn’t keep you awake 10 years ago, it surely does now. This is the impact of modern life. The more agility we provide on the front end for an IT consumer, the more complexity there has to be on the back end.

With the ever-growing complexity, global reach and scale of public clouds, as well as a more hands-off approach from IT admins, this is a real challenge to protect a business, not only from an outage, but from a full-scale business failure.

Managing a multi-cloud environment

When looking to manage a multi-cloud environment, it is important to understand these complexities, and how to avoid costly mistakes. The simplistic approach to any environment, whether it is running on premises or in the cloud, is to consider all the options. Sounds obvious, but that has not always been the case. Where or how you deploy a workload is becoming irrelevant, but how you protect that workload still is. Think about the public cloud: if you deploy a virtual machine, and set the firewall ports to any:any, (that would never happen would it?), you can be pretty sure someone will gain access to that virtual machine at some point. Making sure that workload is protected and recoverable is critical in this instance. The same considerations and requirements always apply whether running on premises or off premises.  How do you protect the data and how do you recover the data in the event of a failure or security breach?

What to consider when choosing a cloud platform?

This is something often overlooked, but it has become clear in recent years that organizations do not choose a cloud platform for single, specific reasons like cost savings, higher performance and quicker service times, but rather because the cloud is the right platform for a specific application. Sure, individual reason benefits may come into play, but you should always question the “why” on any platform selection.

When you’re looking at data management platforms, consider not only what your environment looks like today, but also what will it look like tomorrow. Does the platform you’re purchasing today have a roadmap for the future? If you can see that the company has a clear vision and understanding of what is happening in the industry, then you can feel safe trusting that platform to manage your data anywhere in the world, on any platform. If a roadmap is not forthcoming, or they just don’t get the vision you are sharing about your own environment, perhaps it’s time to look at other vendors. It’s definitely something to think about next time you’re choosing a data management solution or platform.


This article was provided by our service partner: veeam.com

Automation

IT Automation and Why Should You Use It?

The hottest word in IT is automation. More and more companies are using automated technology to speed up repetitive tasks, improve consistency and efficiency, and free up employees’ time. But what exactly is IT automation, and is it worth making changes so you can include it in your IT department or company? By looking at all the facts, options, and benefits, you can make an informed decision and maximize the potential of IT automation for your team.

What is IT Automation?

IT automation is a set of tools and technologies that perform manual, repetitive tasks involving IT systems. In other words, it’s software that carries out information technology tasks without the need for human intervention. IT automation plays an essential role in proactive service delivery, allowing you to provide faster, more effective technology services to your clients. It can also create, implement, and operate applications that keep your business running smoothly.

Businesses today are increasingly turning to IT automation as a method that saves time and improves accuracy, among other benefits. IT automation can apply to a number of different processes, from configuration management to security and alerting. Regardless of what type of technology services you offer—whether it’s managed print services, value-added reselling, internal IT, or managed services—there’s always room for automation within your company.

What Are the Benefits of IT Automation?

Being a time-saver is where IT automation offers the most benefits. As Information Age reports, employees lose an average of 19 working days per year to repetitive tasks like data entry and processing—things that could easily be automated.

By handling redundant tasks automatically, IT automation eliminates the need for techs to spend hours creating tickets, configuring application systems, and performing other tedious functions. As a result, your team can turn their attention to higher priority tasks. And while that will probably come as a relief to your employees, that’s not where the benefits end.

Automating repetitive tasks allows your team to handle more, which enables you to bring on more clients and reduce the need to hire additional employees. In other words, IT automation means you can do more with less.

Technology professionals that use IT automation tend to see a weekly billing average in the 40- to 100-hour range, meaning the automation software performs that many hours of human labor per week. Breaking that down, it translates to the work of one to two and a half full-time employees. Unlike employees, the automation system performs at a fixed cost and never takes a holiday or sick leave. It’s always doing its job.

Of course, we’re not suggesting that IT automation should replace human employees. Rather, it helps employees perform their jobs with greater power and accuracy. It pushes the boundaries of what your team can achieve.

Another benefit of IT automation is simply your peace of mind. As an entrepreneur and/or a manager, it can be hard to hand over all your IT tasks to an employee, and trust that they’ll get the job done. You may feel the need to remind them or check in regularly to see their progress, and that in itself can take up time. With IT automation, all of that is taken care of, which means you can turn your attention to higher pursuits.

Many IT automation systems handle everything from one platform, which greatly improves organization and cross-department visibility. You’ll be able to access all the information you need quickly and seamlessly from one location. And you’ll be able to check in with other departments via a few simple clicks.

You’ve heard that consistency is key. A good IT automation strategy allows you to provide a consistent customer experience. By monitoring workflow, it also ensures that no steps are missed in the delivery process. Since everything is handled automatically, IT automation also cuts down on response times, leading to quicker customer interactions and a more efficient process from start to finish. Needless to say, consistency and a high level of accuracy really are key to satisfying customers, and an improved customer satisfaction rate means more business for your company.

What Are the Risks of Not Automating?

Even if you haven’t yet made the decision to automate, you can safely assume most of your competitors already have. Automation is quickly changing the face of the IT world. In a 2017 study by Smartsheet— which surveyed approximately 1,000 information workers—65 percent reported using automation in their daily work, while 28 percent said their company plans to start using automation in the future. Clearly, if you’re not currently using IT automation, you’re already falling behind the competition.

Companies using automation have discovered that it saves significant time—and that time translates to money. As an example, let’s look at the time an average IT department pours into reactive tickets. If we assume that a technician creates 20 tickets a day, that’s about 100 tickets per week, or 5,000 per year. If automation would allow a tech to save three minutes per ticket by saving them from manually re-entering information, and the billable rate is $125/hour, that translates to $31,250 a year in savings—per technician. Imagine the difference it could make to your bottom line if all your technicians were leveraging automation.

Which Tasks Should You Automate?

If you’re considering automating a certain task, that task should meet the following criteria: It can be resolved consistently through documented steps; and the solution can be performed without accessing the user interface. Once you’ve decided which tasks to automate, the next step is to decide which automation systems to implement.

How to Automate IT

The prevalence of automation in the IT industry today means there is a plethora of tools available to help you make the switch. Here are some of the most effective automated system solutions for IT teams.

RMM

RMM (remote monitoring and management) is a software that allows you to monitor devices, networks, and client endpoints remotely and proactively. Like most IT systems, RMM tools are basically automation engines that can reproduce processes and solve cause and effect situations.

A bonus of RMM software is that it can monitor client devices and detect issues proactively. RMM will then create a ticket for the issue, and your tech team can address it before the issue even comes to the client’s attention. RMM also allows your team to manage more endpoints, greatly increasing productivity.

PSA / Workflow Rules

A PSA (professional services automation) is a system for automating business management tasks. By establishing workflow rules, or automated, repeatable processes, you can program the software to perform certain tasks, like reminding clients of contract renewals or license expirations.

Using workflow rules can greatly simplify the process of managing tickets and service tasks. When it comes to workflow, there are three basic types to focus on for service delivery:

  • Status workflow sends a notification when a ticket status changes to a specific value.
  • Escalation workflow defines the steps to be taken based on the conditions of a ticket.
  • Auto resolution workflow keeps tickets from piling up by creating auto-closure timeframes for alerts that are informational or historical.

Many companies benefit from combining PSA and RMM solutions. For example, based on the real-time alerts you receive in your RMM software, you can automatically generate and manage service tickets in your PSA software, and thereby respond to customer needs more quickly than ever.

Whether or not you need to ticket everything that the RMM software generates is a highly debated topic, but it all comes down to the idea of information. With the right data, you can predict problems before they occur and simplify the troubleshooting process. You’ll have all the info you need about each client, and you’ll be able to see supported devices, service history, and other details. Perhaps best of all, you won’t waste time hunting around for that information. You can simply pull up the ticket and find everything you need, which translates to a faster turnaround and the ability to quickly move on to the next client.

Remote Support and Access

Remote support and access software can integrate with RMM and PSA solutions to help you rectify tech issues, track time and activity onto a ticket, and quickly find that information later while auditing. In effect, remote support and access acts as a bridge between you, your end users, and their devices. Provided the endpoint is online, this software allows you to deliver fast and secure reactive services. Remote support and access can help you both work directly with a customer and remotely access unattended devices. It’s a way to solve issues more quickly from a remote location.

Marketing Automation / CRM Capabilities

The average marketer spends nearly one-third of the work week completing repetitive tasks, according to a study conducted by HubSpot. Those tasks include gathering and organizing data, emailing clients, building landing pages, and managing lists. With a marketing automation tool, you can greatly reduce that number and free up your marketers to spend their time and energy on more high-level tasks.

Marketing automation can help you easily build emails and landing pages, score new leads for sales readiness, and access and understand your marketing metrics to accurately measure the success of your efforts. The best marketing automation software integrates with your PSA tools for centralized information you can access quickly.

With an automated CRM (customer relationship management) system, you’ll be able to set reminders for your sales team, alerting them to complete tasks like following up with prospects so they can move steadily through the sales funnel, and close deals on track.

Quote and Proposal Automation

Also known as a CPQ (configure, price, quote) tool, quote and proposal automation imbues your sales process with greater visibility and accountability. Think of it as a second brain for your sales team—empowering you to turn leads into happy new clients.

With pre-defined templates and pricing models, you’ll achieve a high level of consistency across your sales team. You’ll also save yourself the time of manual calculations, especially if you offer clients the same markup with each quote—and you’ll eliminate the risk of making a costly miscalculation.

Plus, pricing integrations allow you to find and incorporate hardware pricing in seconds, without taking the time to manually check different sources and pull the results into your proposal.

Document Your Automation

After successfully implementing IT automation software, your work isn’t done. It’s important to also document your automation campaign, for a number of reasons.

For one thing, documentation will help significantly when you need to train new team members. And if one of your staff takes a vacation or sick day, clear documentation ensures the rest of your team will be able to quickly fill in.

Documentation will also help your clients see the value of your services. As they assess whether your service is cost-effective or not, a deciding factor can be the efficiency with which you run your business. If you’re using industry-leading automation to run the most effective business possible, that gives you a competitive advantage. And if you’ve documented your automation from beginning to end, you’ll have a record of improvements and stats you can rely on to help inform clients of your company’s high standards.

It’s also important to be aware of the new capabilities automation brings. For instance, if you can tell a client that you proactively monitor for low disk space on their servers and workstations, and that you’ll automatically free wasted drive space to avoid system outages, you’ve already made an impression.

The main point to get across to clients is that your team is constantly looking for ways to provide more proactive and efficient IT solutions. When used and communicated effectively, automation can be key to achieving that element of trust that leads to delighted clients and fulfilled team members.


This article was provided by our service partner : Connectwise

Active Directory

Three Active Directory Automation Scripting Tips Using PowerShell

Active Directory is one of the most common products I see being automated. After all, it’s the perfect candidate. How many times do new users have to be created, group memberships changed, or new computers added? Employees are coming and going all the time, and the actions to perform these tasks are the same—every time.

Microsoft® has an Active Directory (AD) PowerShell module that allows anyone to manage AD objects and write scripts to tie various tasks together. However, with PowerShell expertise, we can create scripts that go past just finding users and groups. We can automate any task you can think of in AD.

Find All Effective Members of a Group

AD has a great feature that allows you to add groups to other groups. This cuts down on the number of repeated group assignments you have to make, and makes AD much cleaner. However, when navigating to a group in the AD Graphical User Interface (GUI), you can only see the members in that immediate group. You may see others, but you’ll have to look at the members of those groups over and over again.

It can become a pain when you want to see all of the affected user accounts, but we can solve that using a PowerShell code and a recursive function.

To find members of a group with PowerShell, use the Get-AdGroupMember cmdlet. This command returns all members in just that group. However, a property on each of those members is an AD attribute indicating if it’s a user, a group, etc. That way, we know what kind of object it is. Knowing this, we can build code to look at each of those members, check to see if they’re a group, and if so, run Get-AdGroupMember again. If not, we return the member.

We need to use a recursive function—a function that calls itself, forcing it to find user accounts nested deep inside of various groups. By using a recursive function like this, a user can be nested ten groups deep, and we’ll still find it.

An example of how this can be done is below. This function can be called via Get-NestedGroupMember -Group MyGroup.

function Get-NestedGroupMember {
[CmdletBinding()]
param (
[Parameter(Mandatory)]
[string]$Group
)

## Find all members in the group specified
$members = Get-ADGroupMember -Identity $Group
foreach ($member in $members) {
## If any member in that group is another group just call this function again
if ($member.objectClass -eq 'group') {
Get-NestedGroupMember -Group $member.Name
} else { ## otherwise, just output the non-group object (probably a user account)
$member.Name
}
}
}
Easily Find Inactive Group Policy Objects

The next tip is finding inactive Group Policy Objects (GPOs). Especially in large organizations, GPOs can get out of hand and run wild unless controlled. Sometimes there ends up being dozens of GPOs created that aren’t doing anything at all. Rather than picking these out one at a time via the GUI, we can build a simple script to find them all in one shot.

There are two ways to define an inactive GPO. This GPO could have all of its settings disabled, or it could not be linked to an organizational unit. We can create a script to find both of these types. First, we’ll pull all of the GPOs in the environment:

$allGpos = Get-Gpo -All

Once we have them all, we can then filter those GPOs by the ones that have all settings disabled:

$disabledGpos = $allGpos | Where-Object { $_.GpoStatus -eq 'AllSettingsDisabled' }
foreach ($oGpo in $disabledGpos) {
[pscustomobject]@{
Name = $oGpo.DisplayName
Status = 'Disabled'
}
}

Next, we can find all GPOs that aren’t linked to an organizational unit. This is a little trickier, but nothing we can’t handle using the code below:

## Create an empty array
$unlinkedGpos = @()
foreach ($oGpo in $allGpos) {
## Gather up all settings in the GPO
[xml]$oGpoReport = Get-GPOReport -Guid $oGpo.ID -ReportType xml;
## Only return the GPOs that don't have a LinksTo property meaning they aren't linked to an OU
if ('LinksTo' -notin $oGpoReport.GPO.PSObject.Properties.Name) {
[pscustomobject]@{
Name = $oGpo.DisplayName
Status = 'Unlinked'
}
}
}

This script will return a list of GPOs that look like this:

Name Status
---- ------
GPO1 Unlinked
GPO2 Disabled
GPO3 Disabled
Find How Long Ago a User Reset Their Password

For my last tip, let’s figure out how long ago a user’s password was set. More specifically, let’s write a small script that will allow us to find only those users that have had their password set within a configurable amount of days.

This small script uses the Get-AdUser command and filters the users returned using the Where-Object command. In this example, we’re looking at the passwordlastset attribute for each user that is greater than 30 days ago.

$daysOld = 30
$today = Get-Date
Get-AdUser -Filter { enabled -eq $true } -Properties passwordlastset | Where-Object 
{ $_.passwordlastset -gt $today.AddDays(-$daysOld) }
Summary

We’ve just skimmed the surface on what’s possible when automating with PowerShell and Active Directory. By leveraging Microsoft’s Active Directory module and stringing together commands with PowerShell, we’re able to come up with some interesting scripts.

 

HIPAA

HIPAA Compliance — It’s the law…

As an IT Managed Services provider, we’ve heard it all…. I mean, who wants to take on another initiative that is as ambiguous and costly as HIPAA Compliance. Besides, your staff don’t have the time to take on more roles and responsibilities.

There’s only one problem though. These rules and regulations are signed into Law. That means, you are breaking the law. So, where does that leave us? Well, there’s 2 options: 1) Roll the dice and hope you don’t get audited/fined when PHI info is lost/stolen 2) Have someone like NetCal help you be compliant quickly and easily.

You see, we are forced to understand/implement the compliance requirements because as a Business Associate, we are also liable for our client’s non-compliance. We’re in this together and we got your back. It’s actually not as bad as everyone thinks. In particular, we know which items are important to focus on and we know how to get your business in compliance via best practices, trainings, templates, etc…

NetCal will perform the following tasks for you:

1. Perform HIPAA, MACRA, and Meaningful Use Risk Assessment
2. Write your Policies and Procedures
3. Train your Employees
4. Maintain your documents in a web portal
5. Provide support in the event of an audit

High-level Summary of Tasks Needed

1. BAA signings
2. User Training
3. Risk Assessment
4. Create HIPAA Policies
5. Perform IT Discovery and Vulnerabilities list
6. Create Recommendation and Security Plan

Technology Teams

Defining the Value of Technology Teams

Technology Teams are made up of a lot more than just the service technicians working with your customers. Every Technology Team is made up of a combination of people that account for every step of the Customer Journey. Sales, finance, even marketing…they’re all a part of your Technology Teams and enable you to reach your clients, making their jobs and lives a little easier and helping you stay ahead of technology.

Technology Teams are formed to deliver a unique set of solutions and services. Within one company, multiple Technology Teams can combine to form a resilient Technology Organization. ConnectWise provides a tailored experience to fit the customer journey by turning the ConnectWise suite into a platform of microservices. Building on the foundation of the Solutions Menu, we will focus on Technology Workers.

Building Value

As a business with your sights set on current and future success, you have to find ways to build resiliency into your business. A key way to do this is by building out multiple Technology Teams to continuously increase and diversify the value you offer to your clients. The more you can do to cover their needs, now and into the future, the more you’ll be able to serve the needs of your current customers and attract new ones.

Get Specialized

So why not just have one big team in your company, with every resource managing all of the information they need for each customer’s needs? Every Technology Team is going to have a unique approach to solving customer problems, whether in sales, services or billing, and you’ll want to have people dedicated to making sure those unique approaches are supported. Instead of overwhelming your team with the heavy load of understanding everything about every one of your customers.

No one can be a master of everything, so allow your Technology Teams to focus only on expertise in their specific area. By dividing your business efforts to focus on each specific Technology Team, you’ll be more efficient, your team will feel more in control, and your customers will feel like you really understand their needs.

Take the Lead

Once your Technology Teams are leading the way in meeting your customers’ varied—and growing—needs, they’ll be responsible for guiding your customers through every part of the customer journey.

Mastering each step of the customer journey for each Technology Team enables them to provide excellent customer service, laying the groundwork for long-term relationships that keep your customers happy and loyal.

Where to Start

Fortunately, you’re probably already doing this without realizing it. Do you have a list of services you offer? Those probably line up pretty nicely to some of the Technology Teams already. Now you’ll just need to conduct a gap analysis to find out what you’ve got covered and what still needs to have resources put toward it.

A gap analysis looks at your current performance to help you pinpoint the difference between your current and ideal states of business. Get started by answering these three deceptively simple questions with input from your team:

  • Where are we now?
  • Where do we want to be?
  • How do we get there (close the gap)?

Keep working toward full coverage for every Technology Team your customers are looking for, and seeing every client through the steps of the customer journey and before long, you’ll be meeting and exceeding your business goals.


This article was provided by our service partner : Connectwise

Vendor management

Top 3 Questions SMBs Should Ask Potential Managed Service Providers

It can be daunting to step into the often unfamiliar world of security, where you can at times be inundated with technical jargon (and where you face real consequences for making the wrong decision). Employing a Managed Service Provider or MSSP is often in the best interest of small and medium businesses (SMBs).

In a study performed by Ponemon Institute, 34% of respondents reported using a managed service provider (MSP) or managed security service provider (MSSP) to handle their cybersecurity, citing their lack of personnel, budget, and confidence with security technologies as driving factors. But how do you find a trustworthy partner to manage your IT matters?

Here are the top 3 questions any business should ask a potential security provider before signing a contract:

1 – Are you an established and reputable managed service provider?

Okay, this is one that you’ll probably research before reaching out. Look at how long the company has been in business and who their current clients are. Are you confident that they can anticipate the unique technology needs of your business?

2 – Have you worked with other organizations who have technology needs like mine?

You will want to work with MSPs who understand your business and are able to make technology decisions based on your unique needs. Make sure they have a solid track record with other businesses of your size. If your industry has particular compliance concerns or makes heavy use of specialized programs, make sure they have experience with other customers in your industry. 

3 – What does your menu of services offer? 

Make sure they round out these services with key security offerings. To make sure they have basic IT security controls in place, ask them about industry buzzwords like asset inventory, patch management, access management, continuous monitoring, vulnerability scanning, antivirus and firewall management. The specifics of their answers aren’t as important as a confident, well considered plan. 

Security-minded MSPs’ will make sure your software and you web surfing habits don’t provide cyber-criminals with backdoor access to your systems. They will make sure your network is secure, and they will install antivirus on all your computers. Bonus points if they are forward-thinking enough to include Security Awareness Training. Make sure you understand the services that they offer, and ask if any of these services have extra costs. 

While these are not all of the questions you should consider asking a potential service provider, they can help get the conversation started and ensure you only work with service providers who meet your unique needs service providers who meet your unique needs.

  1. Ponemon Institute. (2016, June). Retrieved from Ponemon Research: https://signup.keepersecurity.com/state-of-smb-cybersecurity-report/
  2. Ponemon Institute Cost of Data Breach Study: (2017 June) https://www.ibm.com/security/data-breach
Managed Security Services

Ransomware Variants an MSP Should Watch Out For

We can all agree that ransomware is one of the biggest and most destructive threats managed service providers and their clients have faced in recent years. Currently, there are well over 120 separate ransomware families, and there’s been a 3,500% increase in cyber criminal internet infrastructure for launching attacks since the beginning of 2016. And nearly 90% of MSP report their clients have been hit by ransomware in the last year. But, in spite of these numbers, nearly 70% of MSP still aren’t completely confident their clients’ endpoints are secure against these insidious attacks.

Know Your Enemy

In addition to maintaining up-to-date endpoint security that uses real-time analysis to detect zero-day attacks, it’s important to know your enemy. Cybersecurity provider Webroot recently put together a list of the top 10 nastiest ransomware variants of 2017. You’ve probably heard of the big, newsworthy names that made the list, like WannaCry, NotPetya, and Locky, but here’s a few more MSPs should watch out for.

  1. CrySis
    CrySis attacks by compromising Remote Desktop Protocol (RDP). RDP is a common method for deploying ransomware because criminals can get into admin accounts that have access to an entire organization. First detected in February 2016, CrySis took some time to spread, and really came into its own in 2017.
  2. Nemucod
    This ransomware variant arrives via phishing emails disguised as a shipping invoice. Nemucod downloads malware and encryption components stored from hacked websites, and would have most likely been the worst of the phishing email attacks for the year, had Locky not resurfaced in August.
  3. Jaff
    Like Nemucod and Locky, Jaff uses phishing emails to spread. It also uses similar techniques to other successful ransomware attacks, including Dridex.
  4. Spora
    This ransomware is distributed by legitimate websites that have been compromised with malicious JavaScript code. The sites display a pop-up prompt to visitors, instructing them to update their Chrome browsers to continue viewing the page. But when the unsuspecting user downloads the “Chrome Font Pack”, they get the infection instead.
  5. Cerber
    Cerber also uses phishing and RDP, but unlike some of its colleagues, it distributes ransomware-as-a-service (RaaS). This “service” allows aspiring cybercriminals to use pre-packaged ransomware tools as they choose, while the Cerber author gets a 30% cut of any profits made.
Keeping Your Clients Safe

There are a number of steps an MSP can take to keep clients safe.

  • First, educate your clients. Be sure to teach them how to spot suspicious emails and how to check legitimacy any time an email seems a little off. We also recommend implementing an end user cybersecurity training program.
  • Second, keep applications and plugins up to date, and make sure your clients are using reliable cloud-based antimalware, web filtering, and firewalls.
  • Third, use your operating system to your advantage. Set up Windows® OS policy restrictions, disable auto-run, disable VBS, and filter executables from emails.
  • Fourth, ensure your clients run regular backups, set up offline air gap backups with multiple copies of each file, and maintain up-to-date business continuity measures.

This article was provided by our service partners Webroot & Connectwise.

Microsoft

Four Pillars of the Modern Partner Creating Thriving Cloud Business

 

Guest Author: Matt Morris – Matt Morris is a Partner Technical Strategist & Cloud Business guru in the One Commercial Partner group, where he leads technical sales readiness, and strategy for one of Microsoft’s largest distribution partners. Prior to his current role, Matt worked in enterprise technology sales, software development, and solution architecture roles at Microsoft and other technology firms. He has experience with mid-market and large enterprise organizations across a variety of industries as well as the public sector. He helps customers understand and implement high innovation and transformational technology solutions in the areas of analytics, cloud computing, and developer tools and platforms.

According to IDC, by 2020 IT cloud services revenue will exceed $500 billion. As a part of Microsoft’s One Commercial Partner organization, I know firsthand both the tremendous opportunity cloud computing presents our partners and the complexity that opportunity can pose. So, as you prepare to join us at IT Nation, I want to share a series of cross-industry partner resources that will help you evaluate the benefits and risks of cloud computing, and provide best practices to help you successfully transform your business to capture the largest possible share of those dollars.

 

Is the cloud right for my business?

Nearly 80% of customers are deploying or fully embracing cloud technology today, according to IDC. It’s clear many clients are hungry for the cost-savings and flexibility the cloud can provide, but finding the right pace and model for cloud adoption is challenging for many partners. In The Booming Cloud Opportunity, IDC analyzes the scope of the opportunity and how you can take advantage.

How do I grow my business with the cloud?

No one knows your clients like you do. Your hard-earned expertise solving clients’ challenges is the perfect foundation for a cloud-based practice. You know the solutions your clients want, without compromising their security or increasing long-term costs. More importantly, your clients chose you for a reason. Whether you’ve mastered a particular technology, specific vertical, or business process – your unique expertise can be scaled with cloud solutions to make you more profitable. Whether you’re looking to start gently with an SaaS solutions like Office 365™, or to dive into IaaS or PaaS with Azure™, evaluate your revenue potential with your Office 365 Revenue Modeling Tool or check out the eBook, Differentiate to Stand Out.

Will I need to change my sales & marketing for cloud solutions?

The next challenge is communicating the unique value you offer, particularly when 65% of B2B purchase decisions are made before ever engaging sales. The Modernizing Sales and Marketing Guide distills the best practices other successful partners have implemented. From developing a listening culture and understanding the customer journey, to building the right marketing assets to communicate how you solve customers’ real business challenges, this guide will help you grow your practice.

Am I ready to expand my practice into the cloud?

Changing your business model seems risky, even when you know that it’s critical to long-term success. So, before deciding to wait a little longer, see what it would take to get started. Some cloud services, like Office 365, can be implemented quickly and painlessly. If you have cautious clients, expanding into a hybrid blend of on-premise and cloud solutions might fit. The key is to create a strategy that allows you to leverage easily deployed cloud components to drive services revenue today, while developing your own specialized solutions to turn your unique expertise into a repeatable product over time. Get started with Optimizing your Operations.

However you choose to implement cloud services, my goal is to help you strengthen both your bottom line and your relationship with your customers. Long-term profitability is the result of helping your customers achieve their goals, growing revenue while reducing churn. Our last resource, Delivering Customer Lifetime Value closes the loop.


This article was provided by our service partner Microsoft.

Cisco Umbrella

Cisco Umbrella Has Something New for MSPs

The threat landscape continues to get more sophisticated and complex. In a continued partnership to help MSPs protect their clients, Cisco is excited to announce a new Advanced Cisco Umbrella package specifically designed to help MSPs deliver even deeper protection.

As part of the Cisco Umbrella rollout for MSPs Advanced, centrexIT has become an early adopter. centrexIT, an award-winning Managed Services Provider in Southern California, stands out in the IT industry with a unique take on information technology and business alignment. Although their clients engage with them to support their business technology, network health, cybersecurity, and more, centrexIT’s most important metric isn’t how well the technology is working. It’s how to make their client’s lives easier, more productive, and ultimately make them more profitable. A large part of that goal in 2018, and beyond, is practicing good cybersecurity management.

“We value people over technology,” says Eric Rockwell, CEO of centrexIT. “And that commitment to our Culture of Care in turn leads us to focus on providing excellence in service while using technology that meets the highest of standards.”

That standard is even higher when it comes to security — especially in the face of the many high-profile breaches in security that have taken place throughout the tech industry over the past few years.

“Without following the standards for good cybersecurity controls and adhering to applicable regulations, you’re at a much higher risk of your information being breached — and that’s what you’re seeing on the daily news,” Rockwell says.

Cisco plays a major role in helping centrexIT protect their clients. As long-time partners with Cisco, centrexIT was given the opportunity to be the first to adopt Cisco’s latest security features.

“centrexIT is in the process of transitioning to a Next Gen MSP — an MSP with an MSSP (Managed Security Services Provider) practice,” Rockwell says. “We’re expecting huge growth in our MSSP line of business next year, both from existing MSP clients buying MSSP services as well as non-MSP clients buying MSSP services. Our focus on quality and security will only continue to grow as our clients keep demanding it.”

With the company’s growth and the Culture of Care at the forefront, the centrexIT team was more than ready to adopt the latest features.

“We’re using the new Cisco Umbrella features such as file inspection with anti-virus (AV) engine, Cisco Advanced Malware Protection (AMP), and custom URL blocking to help further protect our clients,” Rockwell says.

File inspection provides centrexIT with even deeper protection. When Umbrella receives a DNS request, it uses intelligence to determine if the request is safe, malicious, or risky — meaning the domain contains both malicious and legitimate content. Safe and malicious requests are routed as usual or blocked, respectively. Risky requests are routed to our cloud-based proxy for deeper inspection. The Umbrella proxy uses Cisco Talos web reputation and other third-party feeds to determine if a URL is malicious. With the advanced package, the proxy will also inspect files attempted to be downloaded from those risky sites using anti-virus (AV) engine and Cisco Advanced Malware Protection (AMP). Based on the outcome of this inspection, the connection is allowed or blocked.

Through custom URL blocking, centrexIT has even more control over information being accessed and in discovering potential security threats. Custom URL blocking gives MSPs the ability to enforce against malicious URLs in a destination list. It provides the flexibility to block specific pages without blocking entire domains.

These new security features are a huge plus for centrexIT and its clients. They help fulfill its core value and meet its key metric, says Rockwell. “At the end of the day, our client’s lives are easier and they’re at peace because they know we’re working tirelessly to care for them and keep their information safe and private.”