Does your small to medium-sized business have what it takes to manage IT efficiently and effectively?

Even before the COVID-19 pandemic, the work from home business model had been gaining popularity. Today, most businesses have adopted this mindset or at least a hybrid model of working from home a few days a week. As workers continue to work remotely, IT organizations face additional challenges including security threats, help desk overload, and increased costs.  

A few things to think about to assess your IT support needs:  

What does your current IT support look like?  

There are typically three answers: you have a dedicated IT employee, one or more employees take on IT work as a second responsibility, or you outsource your IT support. Whatever the plan looks like, you want it to be reliable and efficient so productivity does not suffer.

A managed service provider (MSP) would be able to take on IT management so your company can focus on its main objectives. An MSP is a company that offers IT support and tech support services on your behalf. The services they provide are customized to your organization’s IT support needs and can include 24/7 helpdesk services, network monitoring & management, cyber security protection, backup & recovery, and cloud management & migration. Managed service providers will work with different vendors to give their customers the best assistance. 

What are your current response times?  

Response times depend on how big your company is, the number of in-house IT employees, and how complex each IT issue is.  

When you outsource your IT management to a managed service provider, the provider can proactively monitor your networks and systems to prevent IT issues from happening in the first place. Without preventative remote monitoring, your IT person only knows there is a problem after it occurs.

In addition, your IT person goes home at the end of the day and takes sick days, vacations, and time off for holidays. A managed service provider can remotely monitor your networks 24/7, 365 days a year. With a larger team available, MSPs can track assets, hardware health, networks & servers, bandwidth & connectivity, and IT inventory management. 

Can your IT support remotely monitor and perform maintenance?  

With employees working from home, it is important to be able to monitor and perform maintenance virtually. No matter where your employees work, you can rely on a managed service provider helpdesk to resolve issues as quickly as possible so your team can focus on their jobs, not their IT issues.  

How are you ensuring your systems are secure?  

Unfortunately, your company’s network is always at risk of falling victim to cyber-attacks (read more from our blog post on cybersecurity), but this risk increases as employees work from home and connect through their own internet connections.

It is more important than ever to partner with a managed service provider to ensure you have the highest level of security. MSPs can help your company prepare for cyber-attacks with backup & recovery planning, proactive monitoring of threats, 24/7 helpdesk, security awareness training, network security updates, and much more. 

How are you backing up your systems?  

All companies experience system failures and data loss. It is crucial to have a disaster recovery protocol. Managed service providers can help ensure your data is safe and secure when failures occur by offering services such as end-to-end encryption, device & file-level backup, productivity cloud apps (like Microsoft 365), and local or virtual backup solutions.

Closing thoughts:  

Running a business comes with many risks and headaches. Working with a managed service provider can keep productivity up, prevent issues from occurring and get you back up and running ASAP.  

As a trusted Minnesota managed service provider, Now Micro is here to help with your business’s IT support. For additional information visit our Managed Services page. 

Users: Your largest and weakest attack surface

October is Cyber Security month! When you exclaim that this month’s focus is security to most admin and IT stakeholders, you’re likely to receive a chuckle or an eye roll. They know the truth of the matter. Our mindfulness of security can’t be limited to a singular month. 

It’s an ongoing process that literally never ends.

Who then is Cyber Security month for? I’ll give you a hint. They interface with your organization’s data, devices and services daily and often don’t regard security as their first or even third priority. You got it; Cyber Security month is all about making your users more aware of the threats your organization faces.  

We often spend a lot more time discussing our plans to harden servers, implement new identity security policies or protect our users’ credentials with MFA. Don’t get me wrong, those things are essential in today’s world, but it’s hard not to notice a gap in those strategies. That gap is the users.  

Most experts estimate that 70% – 90% of malicious breaches start with or include some form of social engineering. Our users are every organization’s largest attack surface and softest target. Bad actors know this and are increasingly aggressive and cunning in their attempts. Every user holds something a bad actor would like to get their hands on. 

Take a user who doesn’t need access to any data or systems but needs email to communicate. If that user leaks credentials, it can still be a treasure trove for a bad actor in the form of a global address list harvest or intel derived from exfiltrated emails that allows them to refine and target spear-phishing attempts. When we read about a large breach in the news, we often picture a group coordinating an attack to launch all at once, when it’s far more likely that the attack started very small and happened over time.

So how do we go about hardening our users? It would be nice if we could just apply a patch or update their firmware, but a more tactful approach is needed. We believe that process is three-pronged.

Communication

Your organization’s culture around communicating anything IT-related is very important and often overlooked.

Simply making your users aware of the current threats and where to report them can go a long way to thwarting social engineering. Be consistent with your communications. Set up a shared mailbox so multiple people crafting IT-related messages can appear as one unified voice. Apply templates to your emails, so the appearance is consistent. Be concise; not enough or too much information can be harmful. Stick to the who, what, why, and how of the threat. Don’t forget to include where a user should go to report social engineering attempts.

Training

This can mean different things depending on the size of your organization. In smaller organizations, it may mean taking 10 minutes during a company meeting to show examples of social engineering attempts. In larger organizations, it may mean contracting a professional trainer to speak to individual business units or even training leaders in those units to talk about threats to their teams.

Attack Simulation

The benefits of a simulated penetration test against our networks are obvious, but we can also apply this approach to our users. An attack simulation targeting your users with social engineering or a fake malware payload will not only give your organization an idea of its vulnerabilities but is also one of the best ways to raise your users’ awareness. The approach of an attack simulation with training and communication as a fast follow can grab your users’ attention far better than any of these components on their own.

How do I simulate attacks? 

Just like network penetration testing, there are plenty of tools to help you launch attack simulations and parse the data you receive.  

  • Microsoft 365 Defender P2 – If you happen to have Defender P2 or an M365/O365 A5/M5/E5 plan, you have a very robust set of tools for simulating attacks.
    • Choose from a wide variety of templated attacks that help target specific business units, just like a seasoned spear-phisherman.
    • Simulate malware payloads and malicious links with a variety of different delivery methods.
    • Automatically assign pre-built training modules to users that click malicious links or input their credentials.
    • Robust after-action reporting to help you know where to invest in training.
  • Now Micro Security Awareness Training – If you don’t have Microsoft Licensing, you’re not out of luck. Now Micro has the tools to simulate attacks against your Microsoft or Google environments.
    • Phishing Security Tests
    • Automated Security Awareness Program
    • Security Hints & Tips
    • Automated Training Campaigns
    • Phish Alert Button (Ability to report & delete phishing emails)
    • Phishing Reply Tracking (Track if a user replies to a simulated phishing email & what information)
    • Industry Benchmarks
    • Monthly Email Exposure Check: Monthly reports show which email addresses are exposed on the Internet and are a target for phishing attacks

Recognizing the growing need to protect all your endpoints, including your users, is our focus at Now Micro.  If you have any questions or would like our help, visit our Managed Services page on our website.

Are you prepared for IT threats?

Many things cause a business owner to have nightmares — at the top of the list is a computer failure that stops operations in their tracks. Unfortunately, no company is immune to the threat of data failure. Recently, for retail giant Target, the fear became a reality as nearly every register in all stores throughout the United States went down.

Fortunately, the system outage only lasted two hours. But those two hours of downtime cost Target roughly $50 million in lost sales and caused their stock shares to drop by two percent. In reality, Target’s ability to go from a catastrophic outage to getting back online in such a short time is a huge accomplishment. With significant IT infrastructure in place to respond, the company could investigate the problem, determine that there had been no data breach, and reboot all systems to full operation quickly. For the company, assuring that no data had been compromised was vital. In 2013, a data breach affected 41 million customers and resulted in a legal settlement costing them millions.

How you protect your data is critical to the success of your business — no matter your size. For a health organization, your data includes detailed medical and insurance information. Law offices hold endless client files and records, financial planners have high-level access to sensitive financial portfolios, and the list goes on. No matter the industry, data is critical. In many cases, data security methods are heightened by legally mandated regulations like HIPAA and PCI.

Be Prepared

So, how do you protect your company from cybersecurity threats and data failure? Target spends hundreds of millions of dollars each year. The key is to find an affordable technology partner whom you can trust. As seen in the Target event, data issues and cyber attacks don’t only happen during business hours. You have to be prepared to respond 24/7. At Now Micro, we make it a priority to be available when the need for help arises. Our service desk technicians answer the phone live 24 hours a day. But that is only a tiny piece of your Cyber Security response plan. Most of our work occurs before disaster strikes. We help ensure that you have the up-to-date systems needed to prevent an attack or data failure and back-ups in place when an attack occurs.

Your Industry Needs

Although all industries need comprehensive data and cybersecurity infrastructure, the needs vary depending on the types of data stored and industry-specific regulatory requirements. Here is a shortlist of how Now Micro customizes our services to serve the cybersecurity needs of different industries:

Manufacturing

We protect your intellectual property — the core of your ability to be profitable for the long term — and put in place processes to ensure the reliability of manufacturing operations.

Healthcare

HIPAA and other compliance requirements are critical in the healthcare industry. We address these needs and ensure brand protection, secure connectivity, and offer a unified security platform.

Small and Midsize Businesses

Each small and midsize business has its own unique needs, with expense management a key factor. Therefore, we provide affordable options, giving you access to the same level of expertise that large companies have at their disposal.

Retail

In a retail operation, the ability to continually process transactions without hiccups is critical. We help you ensure the reliability of your POS system while also assisting with compliance needs.

Law & Finance

Legal and financial institutions/advisors need to secure sensitive data and are subject to intense compliance regulations. We help ensure all needs are met and a backup system is in place to allow recovery in the event of a data attack or failure.

Ready to Serve

Information technology and cybersecurity are overwhelming topics, but they don’t have to be. Click here to learn more about our comprehensive IT and Cyber Security services. Give Now Micro a call today, and we can work together to define a plan that meets your needs so that you can relax knowing that your business is well cared for.