MSPs can focus on issues you don’t have time for

MSPs can focus on issues you don’t have time for

Every business relies on technology to function. From simple things like email, VoIP, and the internet, all the way to predictive analytics for inventory and sales, digital technology is at the root of every business. Unfortunately, no matter how much small- to medium-sized businesses may rely on their IT infrastructure to operate, they often try to “get by” with their in-house IT staff to keep things running. In this blog, we will discuss the value a Managed Service Provider brings to an SMB: a value that cannot be replicated in-house.

First, it is important for a business owner to realize that an IT infrastructure is not a static entity. Nothing is “plug-and-play” in today’s business environment. There is no “build it and forget it.” Because everyone relies on technology that must be running 24/7, businesses need to be proactively monitoring the performance and availability of critical infrastructure, such as servers and networks. There are just so many things a business has to worry about. Cyber criminals are always coming up with new threats, so anti-virus software isn’t enough. Consequently, active endpoint monitoring needs to be happening around the clock.

So, why is an SMB limited in its ability to meet all of its technology needs in-house? One reason is management focus. Business owners need to focus on core competencies. They need to focus on running the business and producing revenue-driving goods or services in their area of expertise. Diverting focus to managing an IT team in-house may not be an ideal use of their time. It may also not be an ideal use of their skills. Additionally, resources are limited, and an SMB loses the advantages of economies of scale when it tries to do everything in-house. In a smaller operation, IT staff often need to focus on day-to-day functions, including putting out fires. This limits their time to think strategically and determine ways that technology can innovate and keep the business competitive in the longer run.

So what can an MSP offer that the in-house IT staff cannot?

A Managed Service Provider is staffed by IT practitioners whose sole focus is technology. Many focus only on specific industries. This means that your MSP organization is composed of individuals who have specialized experience and training in one specific area of technology such as cyber security, cloud computing or network infrastructure. MSPs also have the resources to invest in continuous training and professional development. That means keeping up with the latest developments in technology and emerging trends. If focused on one industry, they analyze competitive changes in that industry and how technology can provide strategic advantages for their clients. MSPs also can set aside time for attending conferences, webinars, and networking events to share knowledge and stay ahead in their field. They are also more likely to have the resources to provide their consultants with access to professional publications and newsletters.

Why is this so important? First, analyzing present problems and performing routine maintenance tasks isn’t necessarily “routine.” New threats and changes can create disruption in existing configurations. (Anyone who has downloaded a new software upgrade is aware of that!) Secondly, in-house tech staff, except for those in the largest organizations, are more task focused than strategic. This isn’t due to a lack of awareness of the value of planning and development. It is primarily a resource problem that is inherent to SMBs. Unfortunately, the result is that in-house staff may not be able to contribute at a strategic level, thus limiting the ability of the organization’s leadership to incorporate new technology into long term plans.

Infection protection: Nine steps to start protecting your company today

Infection protection: Nine steps to start protecting your company today

Malware is a generic term that covers all manner of software that is designed to attack your devices, applications, programs, and networks. It is software that has bad intentions. Yes, stealing. Either by directly pulling money out of accounts, or improperly acquiring data that ultimately provides access to funds. Example: Stealing your SSN and setting up a credit card to use that info, or convincing you to provide the password to your checking account. Others will snatch your organization’s data and hold it for ransom. As usual, it is all about money. What can you do?

Nine steps to avoid malware

1) Don’t go it alone – As a small- to medium-sized business, you have limited resources, all of which need to be focussed on running the business and planning for the future. That makes it difficult to direct an IT operation that has the depth to address all of the security issues you face. For example, a business owner cannot possibly keep up with the changes and details of tax laws. Doing it themselves, they would likely overlook important tax advantages or inadvertently break some IRS rule. As a result, tax preparation and accounting above the level of basic bookkeeping is outsourced to an outside accounting firm. You should consider looking at IT in the same way.

2) Pay attention to those update windows – Don’t procrastinate. Those update requests aren’t just for adding a new feature. Each update probably addresses some vulnerability in the software that could be exploited by a virus. You may also want to consider outsourcing this project. In a complex business, there is a long list of installed software that needs to be updated. An MSP can coordinate that project and handle any glitches that appear when an update is installed. Also, be mindful that if you permit BYOD- all of those remote devices are vulnerable if their owners neglect updates.

3) Multi-factor Authentication – It is getting tough to log into much of anything these days without hitting MFA. And for good reason. MFA is a tool that works to cut down fraud by asking for additional data to verify your password in order to gain access. Generally it involves entering a password then following up with a token you might be sent via text or email, or using a biometric measure, such as a fingerprint. An MSP can provide applications that can set up MFA to protect your data.

4) Create a strict backup policy and follow it – Data can get corrupted, lost, or stolen. Handling backups is more than just downloading data to a hard drive every evening. An MSP can provide you with the tools needed to handle backups appropriate to the needs of a business operation or take on full responsibility for the task.

5) Manage access – Who can look at what data? In a smaller business, we often just provide access to data to an employee or we don’t. Why? Because it is simple. Instead, tighten your security by segregating data access. Individuals get access only to the data needed as defined by their job description. Follow the Principle of Least Privilege. That is, each individual only has the access to accounts, databases etc. that are absolutely necessary for them to do their assigned tasks.

6) Train everyone on basic data security – Humans are still a very weak link in an organizations defense against cybercrime. Poor password hygiene and inattention to scams are the biggest concern for business owners. Here are some areas where training can help.

7) Identify phishing emails – These are mails that appear to come from legitimate sources, but are faked. Because the reader trusts the sender, they naively open a link that might be attacked which then downloads some forms of malware.

8) Prevent a “Lost” USB – Too often, individuals will find a USB drive left near a desk or dropped somewhere. The temptation to insert it into their computer to see what’s on it can be very hard to resist. This was part of what caused the Target data breach.Train employees to only insert company verified hardware into their computers.

9) Password etiquette – Define standards within your organization about acceptable passwords. An MSP can help you set up programs that require employees to create passwords that meet your defined criteria. Also, consider fostering a culture that makes the sharing of passwords a performance issue that will be addressed by an individual’s supervisor.

10) Take the step beyond anti-malware software – Anti-malware software is necessary, but it isn’t as proactive as one might want. Your MSP can design an endpoint detection and response solution.

So, what, exactly, is Malware?

So, what, exactly, is Malware?

Listen to the news? Read the internet? You know cyber crime is a very big business. Hackers and criminals are out there doing all sorts of nefarious things. Most generally, you hear that malware is some kind of virus that attacks your software programs, infects your hardware, and bungles up your network. But there are many different types of malware, just as there are many types of criminals–each with their own MO and bad intentions. In this e-guide, we will run through some of the major categories of malware, and then suggest 7 different ways you can work to protect your business from malware.

Malware defined – Malware is a generic term that covers all manner of software that is designed to attack your devices, applications, programs, and networks. It is software that has bad intentions. Malicious + Software= Malware. Hackers and criminals create malware for an array of reasons. Some may create it just to attack massive amounts of machines just to show that they can disrupt the cybersphere. Other malware may be created for political reasons. The major reason criminals create malware? To make money without earning it. Yes, stealing. Either by directly pulling money out of accounts, or improperly acquiring data that ultimately provides access to funds. Example: Stealing your SSN and setting up a credit card to use that info, or convincing you to provide the password to your checking account. Others will snatch your organization’s data and hold it for ransom. As usual, it is all about money.

FUN FACT: Before the internet, passing around malware to infect a PC meant a criminal had to find a way to infect a floppy disc and trick users into inserting it into their computer. One of the first was created by a high schooler in the early 80’s. It was relatively benign and just created a pop-up with a Seuss-like poem

“The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes it’s Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!”

Unfortunately, most viruses now have far more nasty intentions, and the internet has made it much easier for criminals to break in. No waiting for you to insert a disc drive to steal your data, disrupt your internal business operation, or take down your website. One bad click and you’re in trouble.

Malware is a general term and there are several types.

VIRUS – Like the pathogen we associate with human disease, a virus is a “piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.” Source: https://languages.oup.com/google-dictionary-en/.

A characteristic of a virus is that it requires the user to take some action for it to infect your hardware, software, network, etc. For example, inserting an infected thumb drive or clicking on a link found in an email.

ADWARE -Adware is less a type of malware than a symptom created by the infection. Adware invades and then drives the user crazy with endless pop-up advertisements.

WORMS – Similar to viruses, worms replicate and attempt to cause damage but they don’t require a user action. Worms find vulnerabilities or holes in code that allows them access.

TROJAN HORSE – Yes, named after the Greek myth, Trojans trick you into accepting something you want, but inside it has bad intentions. A trojan refers to the method the cybercriminal uses to get you to download a virus or other infected program, rather than the nature of the specific virus.

KEYLOGGERS – This is malware that can track your keystrokes. This particular malware’s goal is to track your keystrokes and identify passwords or credit card information, and then log into your accounts.

RANSOMWARE – If there was any malware that gets more media attention, we aren’t aware of it. And it deserves everyone’s attention. Unlike some other forms of malware, once this has invaded, there is very little you can do to eliminate the virus. Ransomware sneaks in, snatches your data and holds it for ransom. Unless you choose to pay the ransom fee, usually in some cryptocurrency, you are out of luck. In the specific case of ransomware, prevention is the key. Having clean backups of your data which are kept continuously up to date is about the only way to sidestep a ransomware attack on your data.

Thing to do this week to start protecting your customer data

Thing to do this week to start protecting your customer data

You have client or customer data in your possession. It is part of running your business in a digital marketplace. If that data is breached, it could permanently damage your reputation. We talked in an earlier blog about types of malware. There are many steps that you can take to protect your systems and data. Here are a few suggestions to protect your business from malware.

Consider a Managed Service Provider – Cybercriminals are very sophisticated and every day are releasing new, cutting-edge tools to attack businesses and individuals. Small- and medium-sized businesses do not have the resources to staff an IT department sufficiently to be aware of all the newest tools and technologies needed to protect a business. For example, a business owner cannot possibly keep up with the changes and details of tax laws. Doing it themselves, they would likely overlook important tax advantages or inadvertently break some IRS rule. As a result, tax preparation and accounting above the level of basic bookkeeping is outsourced to an outside accounting firm. You should consider looking at IT in the same way.

Updates – Always update your software. There will always be vulnerabilities in every bit of software that you use. Creators of software are constantly upgrading to close holes that could be exploited. Being attacked by malware because you are behind in upgrades is an avoidable error. That said, given the sheer volume of software applications accessing your network, you should consider outsourcing the administration and enforcement of this process.

Multi-factor authentication – Everyone is increasingly encountering MFA. This tool requires a second level of authentication in order to access an account or use a program. Generally, it involves entering a password then following up with a token you might be sent via text or email, or using a biometric measure, such as a fingerprint. An MSP can provide applications that can set up MFA to protect your data.
Access Control – You don’t give out keys to your house to everyone you know. Why allow all employees or vendors to access all of your databases or programs? Instead, follow the Principle of Least Privilege. That is, each individual only has the access to accounts, databases etc. that are absolutely necessary for them to do their assigned tasks.

Backups – Everyone knows they need to do backups, but handling these is more than just downloading data to a hard drive every evening. An MSP can provide you with the tools needed to handle backups appropriate to the needs of a business operation.

Employee education-This one cannot be emphasized enough. The individuals in your organization are your first and most critical line of defense against malware. As mentioned above, many types of malware need user action to get into your systems.

Here are some areas where training can help.

Phishing emails. These are mails that appear to come from legitimate sources, but are faked. Because the reader trusts the sender, they naively open a link that might be attacked which then downloads some forms of malware.

“Lost” USB. – Too often, individuals will find a USB drive left near a desk or dropped somewhere. The temptation to insert it into their computer to see what’s on it can be very hard to resist. ( This was part of what caused the Target data breach)

Password etiquette – Define standards within your organization about acceptable passwords. An MSP can help you set up programs that require employees to create passwords that meet your defined criteria. Also, consider fostering a culture that makes the sharing of passwords a performance issue that will be addressed by an individual’s supervisor.

Endpoint Detection and Response ( EDR): This is a solution an MSP can provide you with. At its basic level, EDR is a proactive approach to anti-malware software. EDR constantly looks at all of the endpoints in your network, tracks behaviors and identifies anything out of the ordinary. For an individual, anti-malware software may be sufficient. For a business that has multiple endpoints, this is not sufficient. ( Think dozens of employees connecting remotely via their own computer or smartphone). In a sophisticated business’s IT infrastructure, there are many endpoints which need to be evaluated.

In summary, there are many ways that an SMB can approach defending itself against malware. Some of these, such as employee training, can easily be done in-house. Others require a depth of experience that only your MSP can offer.

Your business runs on data, but so do the cyber criminals

Your business runs on data, but so do the cyber criminals who want to steal yours

One very painful truth about running a business is that you possess data that is attractive to criminals. There is no avoiding that reality. You have data. They want data. It is an ongoing challenge to maintain data security as cyber criminals’ efforts evolve and change on a daily basis. The wall that kept you safe last week may have holes in them today. Keeping up with the latest threats is a specialized field that in-house IT support likely doesn’t have. An MSP can provide the support you need in the face of ransomware threats and other malware. Also, an MSP can provide 24/7 monitoring.

Speaking of data security, brand damage isn’t the only issue with data security breaches. In many cases, there are data protection laws that regulate how you secure personal information. In specific industries there are federal, state, and even overseas regulations that set standards for data protection. How you choose to protect data may be out of your hands. MSPs have the experience and knowledge to address compliance management. For example, there are a number of data protection laws (HIPAA, FERPA, CA Privacy Act, GDPR, FTC Safeguards Rule) out there that not only provide penalties if a data breach occurs, but also mandate specific protocols to better ensure your data is protected. Avoiding a data breach isn’t enough. Some of these protocols can be quite demanding and some require periodic testing and are subject to audits. Samples of the types of requirements mandated by some of these laws may include.

  • Designating one individual to oversee data protection and security
  • Conducting a risk assessment – This means analyzing what data you possess , where it is stored, and in what ways it is vulnerable.
  • Creating safeguards to address all potential areas of vulnerability
  • Designing and documenting tools to secure your data and tracking access
  • Tracing the location and security of all data whether it is at rest or in transit.

Not only do you have to set up protocols, you may have to prove they are operative and be subject to audits. All of this can be extremely distracting to a small business.

Another area related to data security is the issue of backup and recovery. So much can go wrong. There is nefarious activity: criminals actively trying to break into your data and steal it. There is human error: individuals taking actions that accidently delete or damage data. And of course, hardware can fail and software can have bugs. And, if not done correctly, backups may be infected and be of little value.

An MSP can design backups that are continual and are protected at an offsite location.

More importantly, it isn’t enough to know your data is safe if something happens. Your business is dependent on using that data. Losing a day of access can cripple your business. That means planning for recovery in case something happens. How will you transition to another mode of data access? Your customers expect 24/7 availability. An MSP can develop recovery plans that work to ensure your operations see minimal disruption in the event of a failure.

Strategic IT planning for your business

Strategic IT planning for your business

One thing that the best MSP can do is become a strategic partner. Your expertise is your industry, business, or profession. Trends and innovations in technology aren’t your focus. However, your business can benefit from some long-term strategic planning in terms of the technology you will deploy to remain competitive. New technology will offer new opportunities. An MSP who has experience in your industry can become a partner. After taking the time to learn your business, your goals, and the competitive field in which you operate, an MSP can take a seat at the table of your business planning. At the highest level, this is where a skilled MSP becomes a significant asset as your business grows and faces new market challenges.

Additionally, An MSP can help with other parts of your IT infrastructure to protect your data as well as facilitate more effective collaboration internally as well as with clients. Here are three examples.

Backup and recovery

Another area related to data security is the process of securing your data in the event of theft, a hardware or software issue, or even a natural disaster that cuts access to your data’s physical location. Backing up your data needs to involve a lot more than running nightly backup to an external drive. That may be ok for your home laptop, but it doesn’t cut it if you want to protect your business data. An MSP can support continual data backup to offsite locations. This means at any point there is a system failure or breach, all of your data remains secure at one or more distant locations. Backup also includes recovery. Having your data safely stored in the event of a disaster isn’t enough. Your business will need continuing access to that data. An MSP can develop recovery plans that work to ensure your operations see minimal disruption in the event of a failure. Also, clean backups are critical for avoiding the consequences of a ransomware attack. Poorly handled back procedures can leave your data vulnerable,

Cloud Services

The decision to use cloud services is closely related to data security and cybercrime. Locating all of your data and software applications physically in your own location may seem like the safest thing to do, but that may not be correct. If you utilize cloud storage, you can maintain access to that data from any location. If a natural disaster or other emergency limits access to your physical locations or disables it, your business and employees can access the data from anywhere. Also, the cloud offers economies of scale. To maintain sufficient capacity to meet peak times, maintain all of the necessary hardware and software, and monitor it 24/7 involves considerable in-house labor and capital expense. Migrating to the cloud means you share those fixed costs with others. An MSP can handle selecting and designing a cloud solution most appropriate to the needs of your specific industry and business.

Unified Communications

Unified communications is a service that pulls together the different channels your employees and clients use to collaborate, sell, communicate, etc. Unified communications systems have many moving parts. Encryption, data security, ease of use, cross platform support as well as other support services can create a communications system that works for everyone, no matter what channel they choose to be using.

Like it or not, your business relies on technology

Like it or not, your business relies on technology

Technology isn’t just something used by Silicon valley firms and large corporations. Even the smallest start-up is now reliant on technology and the virtual marketplace. A business cannot function without operating in the digital world. At the very least, it means having a website, a social media presence and an online database of customers and prospects. Most likely it means conducting business online, which means you’re responsible for the security of client data: names, credit cards, addresses, and probably more information. Much of that information may be personal Information that you have an obligation to keep secure. That duty brings along many challenges because cyber criminals and even benign human error could mean that data is compromised. Data breaches can bring litigation, possible regulatory sanctions, and very importantly, damage to your brand and reputation. Because so much rides on the stability and security of your digital infrastructure, serious attention has to be paid to data security protocols. The problem is, tech is a complex and specialized field that most small businesses owners have little time to focus on. And spending time trying to understand and maintain an IT infrastructure means siphoning off attention to the operation of your business. That is why a Managed Service provider can be a lifesaver for a small business.

A Managed Service provider is an IT consultant that can provide some or all of the support you need for your IT infrastructure. They can provide help with specific issues–migrating data to the cloud, setting up new software and hardware, designing data security protocol, etc,. They can also become a strategic partner. That means they team with you and learn your business goals and plans and help you understand how new and existing technology can help your business expand. They can use their expertise to guide you to new technologies and digital applications you might not be aware of.

Also, you can sign a service contract with an MSP. At the most basic level, a service contract will mean that if you need emergency tech support, you have priority. Otherwise, you will be at the bottom of the list if something goes wrong.

Finally, let’s consider strategic planning. Your business isn’t static, It will grow in volume, it will expand its product and service lines, and it will move into entirely new, unfamiliar markets. There may be new technologies and applications out there that you are unaware of. If you overlook them and your competitors don’t, you can begin to lag behind. You need long-term strategic planning in terms of the technology you will deploy to remain competitive. New technology will offer new opportunities. An MSP who has experience in your industry can become a partner. FInd an MSP who will partner with your business and learn your operations and your future plans. In that way they don’t just support the IT you have now, they become a key voice in strategic planning for future growth.

 

How Can an MSP Keep Your Business Safe?

How Can an MSP Keep Your Business Safe?

Are you a small- or medium-sized business that is in need of a more complete, dependable IT solution to support your business than you presently have? When your main focus is running your business, everything else becomes an afterthought. Other support operations tend to take a backseat. However, your business depends upon a reliable, stable “always running” IT infrastructure and you probably find that isn’t always the case. Even if you have an in-house staff, it isn’t large enough to put out fires and handle strategic planning and provide 24/7 support when something goes wrong. That is why many businesses large and small rely fully or partially on the support of a Managed Service Provider (MSP).

So what are the typical services available from an MSP? There are many different types of support that can be provided to clients. In this e-guide we will break them down.

Managed IT Services

This is the overarching set of services that define the purpose of an MSP. Generally, a business will sign a service level contract with an MSP for a set of defined IT services for a period of time. One advantage typically derived from such an agreement is that the contract provides that you get 24/7 emergency support with priority. Typically, if you have a crisis and call a provider, the non-contract clients take a lower priority. This can mean longer down times and those mean revenue losses. Also, your contract with an MSP means that you can do a better job predicting your IT expenses into the future, and predictability is always a benefit for any enterprise.

Cyber Security Services

One specific area of expertise that everyone needs, no matter how small the business, is up-to-date, ongoing protection against data theft and cyber crimes. An MSP can bring a depth of knowledge that is difficult to create in-house. Ransomware and data theft are rampant. Cyber criminals attack businesses of any size ( in fact, small ones can be more vulnerable. And smaller businesses often don’t have the deep pockets to recover from the revenue losses of a cyber attack). This is a very specialized sector of IT management where businesses frequently choose to use the services of an MSP because of its complexity. Also, keeping up-to-date with the latest malware, and handling 24/7 monitoring can be very labor intensive if done in-house.

Compliance Management

  • There are a number of data protection laws (HIPAA, FERPA, CA Privacy Act, GDPR, FTC Safeguards Rule) out there that not only provide penalties if a data breach occurs, many of them mandate specific protocols to better ensure your data is protected. Avoiding a data breach isn’t enough. Some of these protocols can be quite demanding and some require periodic testing and are subject to audits. Samples of the types of requirements mandated by some of these laws may include.
  • Designating one individual to oversee data protection and security
  • Conducting a risk assessment – This means analyzing what data you possess, where it is stored, and in what ways it is vulnerable.
  • Creating safeguards to address all potential areas of vulnerability
  • Designing and documenting tools to secure your data and tracking access
  • Tracing the location and security of all data whether it is at rest or in transit.

An MSP can be a critical resource in designing these safety measures and ensuring your company is in compliance and remains so. Handling compliance issues and audits can be a big distraction when you are trying to run your business and drive revenues.

Passwords They seem to have been with us forever

Passwords: They seem to have been with us forever.

As we continue to suggest things you can do to protect the integrity of your company and customer data, here is a blog that covers an old level of security that we still rely on everyday. That protection is the password, so let’s talk about bedding up your employee’s handling of passwords.

Password hygiene – Passwords remain the most common everyday tool to ensure only authorized personnel have access to secure material. The issue is that passwords need maintenance and attention to be effective. Here are some common problems to avoid. And again, this requires a routine employee training program.

  1. Passwords that are too simple
    Simple passwords are easy to remember but easy to crack. Words, in any language, are not ideal either. That is why many sites require a mix of letters, characters, and numbers. And yes, some people are still using Myname123.
  2. One universal password
    Sometimes people find it difficult to remember multiple passwords for various files and applications, so they use a single good, strong password everywhere. This renders the good password virtually pointless and also increases the amount of damage that can be inflicted in the event that one ‘good’ password is compromised.
  3. Unauthorized password sharing
    Generally done with benign intentions, employees often share passwords for convenience or to expedite handling the sharing of data. Not good.
  4. Writing down passwords
    Sometimes, people follow all password best practices but find it difficult to remember complicated passwords and then write them down on a piece of paper or worse still, make a file containing all the passwords and store it in their email or computer. This is almost like giving away the keys to your property to a burglar.
  5. Forgetting to change passwords to change passwords or revoke access.
    This is an issue where the staff is busy and turnover is high. Managers may fail to remember to change the passwords once a staff member quits, leaving company data vulnerable. This is especially likely in a small company where there may not be a centralized IT staff that oversees data security and access.

Remember, having a password is not sufficient. Having the right kind of password and following good password hygiene is.

Multi-factor Authentication (MFA) – When a password isn’t enough, the next step to improve security is MFA. MFA layers a second authenticator (e.g. another code, picture) etc.) on top of the password requirement. The idea is that if a password is being used by someone not authorized to do so, they won’t be able to provide the second piece of information. Consumers almost always encounter it when accessing financial services sites, but MFA is becoming more common across the board. If you use a credit card at a gas station, that request for your zip code after you insert your credit card is an example of MFA.

Prying eyes: Keeping your data safe

Prying eyes: Keeping your data safe

Even the simplest business possesses data that is proprietary and confidential. Customer and prospects lists, sales data, and personal data about customers such as their credit cards, names, addresses, birth dates. Maybe even medical information or social security numbers. If any of this data is compromised, you could face legal and reputational consequences. It is important you stay vigilant in making sure this data is as safe as it can be from cybercriminals.

If you have extremely confidential data, it may be important to use methods to address physical access. Should your server rooms be key-coded or require biometric access? Access codes for physical entry to a room are relatively simple to install. However, passcodes are pretty easy to steal or they can be shared by employees. In addition to limiting access they can also identify when and who accessed a secure location. One step beyond passcode entry is biometric authentication. Examples of biometric tools are fingerprint, iris or facial recognition. The advantages to these are clear. They cannot be easily stolen and for the user, there is no passcode to remember or a keycard to lose. An MSP can provide guidance about how to go about installing a biometric authentication system to secure specific locations.

On the other end of the spectrum, there is one excellent tool out there that can protect against one of the most common tricks criminals use to get into your data banks. That tool is employee training about phishing emails and fake websites. Phishing emails, the emails that trick you into opening a link that has been corrupted, remain a tried and true method for cybercriminals. What is the best defense? Employee training on how to avoid falling into the trap. The simplest maxim to remember? If in ANY doubt, don’t open a link. If there is any reason for suspicion, delete the email and forget about it. Also, look at the email address of the sender. Is it legitimate or is it misspelled or have a few extra characters or numbers that aren’t familiar.

What about the usage of passwords? Passwords can be hacked and stolen. there is another tool available to make passwords safer. You can make passwords more secure using multi factor authentication(MFA). MFA is pretty simple. It requires a second level of verification to prove that the password is being used by the individual authorized to use it. Examples of MFA are ATM machines that require a card AND a password. MFA very commonly requires the user to submit a code that is sent to another platform. (You’ve probably encountered this one if you use online banking)
Also, update your software. Immediately. Whenever you get an alert to update anything. Do it then. Don’t put it off until tomorrow because this update may have been released to address a recently discovered threat. This is a very simple thing to do and will offer significant protection. Additionally, your Managed Service provider may offer clients a subscription to day zero alerts. These are texts or emails that are sent out whenever a new virus or vulnerability has been discovered.

Among those firms who take risk management seriously, there is a growing awareness of the need to consider some manner of insurance to protect against the costs of cybercrime. When all else fails, and your data has been breached, how can you protect your business financially? Standard commercial property insurance policies do not generally include provisions for the damages from cybercrime. In a growing number of commercial policies, they are specifically excluded. As a result, executives who recognize the catastrophic damage that a cyberattack can inflict on their business are looking at cyber insurance to transfer the financial losses to a third party. However, there are some pretty deep weeds to get into when looking for a cyber insurance policy. Just for one example, some policies may create requirements and security standards you must meet before an event will be considered a covered loss. A Managed Service Provider can offer guidance into whether this is an avenue to explore.

In conclusion, there are several tools that you can use to protect your data from cybercriminals. They range from the very simple to the highly sophisticated. Your MSP can be of help in adopting any or all of these tools. From providing employee training all the way to biometric solutions.