Co-managed IT services model is one in which the business has its own IT team, but still contracts with an external managed services provider for certain services. In this blog we discuss four benefits of a co-managed IT services model.

Expertise
Your in-house IT team may not have all the expertise needed to manage all your IT requirements. There are new developments happening in the tech space everyday and an MSP is better positioned to stay up-to-date with them as IT is their business.

Flexibility
Opting for a co-managed IT services model allows you the flexibility to scale your IT up or down based on your business requirements. This is especially useful for companies that experience seasonal spikes in their business, such as CPA firms, around taxation times, or retail businesses around the Holidays. You don’t have to hire new IT staff to handle the sudden extra load on your IT.

Lower costs
Choosing a co-managed IT services model saves you costs that you would otherwise incur when hiring new IT staff. Bringing someone on your payroll involves HR expenses including health insurance, 401 (k) etc., which can be avoided when bringing an MSP onboard.

Help your IT team focus better
Research indicates that in companies that have an in-house IT team, their IT specialists are so caught up with the day-to-day IT tasks that they don’t have the time to focus on new technology. Tasks like security patches, software updates, backups etc., keep them busy, so they don’t get time to research or learn about the latest on the tech front. This defeats the purpose of having an in-house IT team, doesn’t it? If you could have your MSP take care of the mundane IT routine, you will be enabling your in-house IT technicians to focus on new technology, which will help you become more efficient as a business.

If you already have an in-house IT team, it is not unusual to think you don’t need the services of a managed services provider. But, as you can see, co-managed IT has its advantages and you shouldn’t strike an MSP off your list completely just because you have your in-house IT technicians.

Do you have staff working from home? Of late, due to the Coronavirus crisis a lot of businesses shifted to the remote working environment. While it raises some data security concerns, they can be overcome by following a few best practices.

Formulate rules
You can start by formulating rules that define the extent and manner in which personal devices may be used for work purposes.

  • Who are allowed to use personal devices for work?
  • Spell out the regulations that they must follow. For example, regular checks for malware and updates to anti-malware software, etc.,
  • If there are restrictions to the device type, software or operating systems that may be used, out of security concerns, then that should be addressed.

Focus on the 2 Ts of cybersecurity

  • Train your staff: The first T is training your staff on how to identify IT threats and cybercrime activities that they can be a victim of. Examples include phishing emails, dubious attachments, clone sites, etc., Another area to train your staff is free/public wifi. They need to know that public wifi can be a gateway for hackers and cybercriminals into your system. Accessing emails from the airport’s waiting lounge or the mall’s food court, can expose your business to IT threats.
  • Teach good password hygiene: This is the second T. Help your employees understand how important password strength is. They should be able to identify weak passwords and steer clear of them. Also, they need to know that no matter how urgent the situation seems, password sharing is not acceptable. Similarly, mistakes such as repeating the password for multiple accounts, not changing the passwords frequently, etc., can make a cyber criminal’s job easier.

Keeping things under control

You can conduct monthly audits of the devices your employees will be using for work purposes. Arrange for regular security patch implementation, firewall installation and software updates. Install quality anti-malware software, firewalls, and make sure email security systems are in place. Even in the remote environment, you can ensure appropriate data access through role and permission-based access control measures.

All of this may seem new, and tedious, especially for businesses that are looking to recover from the effects of the on-going pandemic, which is why it is a good idea to team up a managed services provider to help set up a strong, secure, work-from-home environment for your business.

The Coronavirus crisis has changed the world as we know it. With social distancing, lockdowns and work from home becoming the new normal, cyber criminals are exploiting the situation to their gains. This whitepaper discusses how the cyber crime landscape is likely to shape up in the post-pandemic world and how businesses can safeguard themselves against it.

One of the reasons for a sudden spike is cyber crimes is the work-from-home model that is increasingly becoming the norm. When you allow remote access to your data, you are virtually opening your IT infrastructure to criminals–unless you have the right security measures. It is easy for malware and hackers to get into your system and corrupt it unless you have the right measures in place.

With employees operating from home, there are a lot of loopholes that cyber criminals target. Some of them include

Lack of knowledge
Most employees don’t realize how their simple actions or non-actions can contribute to a cyberattack that can bring your whole business down. For example, they may unwittingly end up compromising on your business’s data security by sharing passwords, not using a good antivirus software or using the public WiFi to access their emails, etc.,

It is more difficult to oversee IT operations
With teams working remotely, it is difficult for businesses to manage their IT efficiently. Installation of security patches, anti-malware tools, data backups, etc., are all more difficult now.

Working from home offers businesses a lot of benefits in terms of cost savings, employee satisfaction and flexibility. But, it also raises a lot of questions from the IT security perspective. When opting for the work-from home model, it is important to clearly define the IT policies and put them into practice. You could partner with an MSP who specializes in cybersecurity and remote workspace management to help you formulate a safe, remote working environment.

The dark web is essentially a marketplace for cybercriminals. If your data has been compromised, the dark web is the place where it is traded. It could be sold by miscreants, to miscreants, who can later hack into your system or extort money from you to prevent a data leak, and so on.

What can be the implications for your organization if you are on the dark web?

If your data is on the dark web, it puts your business and your customers at risk. For example, as a business, you possess a lot of the Personally Identifiable Information (PII) of your customers, which, if leaked can even shut down your business by

  • Attracting lawsuits that require you to shell out large sums of money in the form of fines or settlements
  • Causing serious damage to your brand
  • Resulting in the loss of customers and new business

What are dark web monitoring services?

One way to mitigate the risks of the dark web is by signing up for dark web monitoring services.

As a part of the dark web monitoring service, a company may keep an eye out for any information you specify or that is related to you that may be present or traded on the dark web. There are various avenues where such information may be made available on the dark web. Examples include

  1. Chat forums
  2. Blogs
  3. Social media platforms
  4. Online marketplaces (Dark web’s equivalent of eBay or Craigslist)

Another service offered as a part of dark web monitoring includes vulnerability alerts. On the dark web, there will be entities who will be willing to give away information about vulnerabilities in certain systems/software for a price. A company that offers dark web monitoring will keep an eye out for such information and alert its customers of such threats.

Companies offering dark web monitoring services may also be able to offer you industry insights, trends, and benchmarks that can help you proactively tighten your cybersecurity.

What you can do: Safeguarding your data against the dark web

With dark web monitoring services, you will know if there has been a data breach. Let’s say you come to know your e-commerce website’s user IDs and passwords have been stolen, or your customer’s credit card data has been leaked via your database, you can take the necessary steps to mitigate a possible ransomware attack or data leak before it happens. But, that’s reactive. That’s damage control after the damage has been done. While dark web monitoring services can warn you if your data has been compromised, here are a few things that you can do to keep your data safe in the first place.

Password hygiene

Follow good password hygiene and industry best practices. Establish clear password policies and rules and regulations regarding password sharing. For example, discourage the use of the same passwords for multiple accounts or use of passwords that are too simple or obvious such as user’s name, date of birth/date of joining organization or numbers in sequence, etc, establish policies regarding password update at regular intervals.

Train your staff

Train your staff to identify spam, phishing, and other malware traps. Conduct tests and mock drills and re-train those who don’t pass them. Provide updates when there’s a new threat in cyberspace that may affect you.

BYOD policies

If you allow your employees to bring their own devices to work, establish a clear BYOD framework that will help you manage the risks associated with this setup.

Access permissions and roles

Establish different user roles for your staff and give them role-based data editing, copying or sharing permissions, so that each employee only has as much access to information as they really need.

Being exposed in the dark web can be exhausting, scary, and life-threatening to a small or medium-sized business. Teaming up with an MSP who specializes in cybersecurity or offers dark web monitoring services can help keep you safe.

Have you come across the term, dark web, recently? As a business, you might have heard that you need to keep your data safe from the dark web. So, what is the dark web anyway? Read on to find out…

What is the dark web?

The cybercrime landscape is evolving fast. The “Nigerian” email scams are now old. Cybercriminals are smarter and more organized now–almost functioning like professionals. In fact, there’s a sort of a parallel universe where they all operate in a very corporate-like manner. And that parallel universe is called the Dark Web.

The surface web, the deep web and the dark web

Essentially, the internet can be categorized into 3 parts.

  • The surface web, which includes your ‘regular’ websites–the kinds that just show up on web searches. For example, you type, Dog Videos and links to a bunch of dog videos on YouTube shows up. YouTube, in this case, is an example of the surface web.
  • The deep web, which shows up in web searches, but requires you to log in to view specific content. For example, your internet banking page or your netflix subscription.
  • Then comes the dark web.

The dark web is part of the internet that isn’t visible to search engines and requires the use of an anonymizing browser called Tor to be accessed. The dark web offers anonymity and hence is the hub for all sorts of illicit activities in today’s internet age. Strictly speaking, the dark web typically hosts illicit content. The kind of content that you find in the dark web include

  • Credit card details, stolen login credentials for something as serious as internet banking accounts to something as trivial as Uber or Netflix,
  • Contact details/communication platform for striking deals with hitmen, drug dealers, weapon dealers, hackers, etc.,
  • Marketplace to buy malicious codes to help corrupt or jam IT systems and even RaaS (Ransomeware as a service!)

All of the above and more, for a fee of course. In short, the dark web is like the underworld of the internet. So, how does it concern you, and why do you need to steer clear of it? Read our next blog post to find out.

In our last blog, we discussed 2 of the 5 important IT checklists that every SMB should have. In this post, we cover the other 3, namely, IT training, Data Backup, and BYOD checklists.

IT Training checklist

Your IT staff is not the only one who needs IT training. Everyone in your office does. An IT training checklist serves as a good process document for any new staff or for any staff working on new hardware or software. Following the IT training checklist can help cut down the learning curve, and ensures the hardware/software is leveraged in the best possible way, thus making your staff more efficient. Here’s what your IT training checklist can offer.

  1. Rules and regulations regarding software and hardware use
  2. Links to user manuals/instruction videos with how-tos for the software and hardware in use
  3. Information about whom to contact if there’s a need for troubleshooting
  4. Training schedules for each hardware/software, cyberthreats
  5. Information about whom to contact if there’s a perceived cybersecurity breach

Your IT staff is not the only one who needs IT training. Everyone in your office does. An IT training checklist serves as a good process document for any new staff or for any staff working on new hardware or software. Here’s what your IT training checklist should contain.

Data backups checklist

There are a number of factors that can affect the accessibility and quality of your data. Data backups are key to ensuring your data is not lost. You should maintain a checklist or a policy document that covers this aspect. Your data backups checklist should cover

  • What are the different data sets that need to be backed up
  • How often do each of those data sets need to be backed up
  • Where (location/device) will the data backup occur
  • How will the data backup happen
  • Who will be responsible for the data backup

BYOD policy checklist

In the current business environment where companies allow their employees to use their own devices for work purposes, a BYOD (Bring-your-own-device) checklist is a must. This checklist should answer questions like

  • Who is allowed to bring their devices to work (employees of some departments that deal with sensitive data like, the HR/accounts may not be allowed to do so)
  • What kind of devices are allowed/approved? For example, you can specify a version below which a certain OS may not be allowed, as it may be outdated, exposing your entire network to any security threat that it may be vulnerable to
  • Who is responsible for ensuring the security patches and antimalware protection is up-to-date

Having these checklists/policy documents do not ensure your IT infrastructure is always safe and secure, or never suffers a downtime. These checklists merely help in cutting down instances of security breaches or downtime and go a long way in helping you respond positively to any IT crisis that may befall your business. What we have discussed here is just the proverbial ‘tip of the iceberg’. Your checklists have to be comprehensive, in-depth and cover every angle with a clearly defined action plan for any IT contingency. Reaching out to an experienced MSP for assistance will ensure you leave no loose ends.

IT checklists are a great way to analyze, understand and take the necessary steps to meet your IT requirements. In this blog, we discuss 2 of the 5 important IT checklists–Hardware/software and Cybersecurity.

When creating a checklist for hardware/software purchase, use, and installation, answer the following questions.

  1. How do you determine what hardware/software is needed?
  2. What about installation? Who will be doing it? Incorrect installation can end up resulting in loss of time and, in case of faulty hardware installation, it can also mess up the new hardware
  3. What is the process for the procurement of new hardware and software? Do you have regular vendors who you approach or do you start looking for a suitable one once the requirement arises
  4. Establish a policy for operating systems, because not all hardware/software is compatible with all OS.
  5. What about updates, security patches, and upgrades? Who will be responsible for them and how often?
  6. Who is responsible for software installation when there’s a new user requirement

Cybersecurity training can help reduce incidences of cybersecurity breach due to a lapse of judgment from your employees. Here’s what your cybersecurity checklist should cover- all security-related aspects of your IT. For example

  1. Create and implement a password policy that you want your staff to adhere to. Cover password hygiene, acceptable passwords, password sharing, reuse, password update rules, etc.,
  2. When someone quits your organization or no longer works in the profile that they were working in, how is the access issue addressed? Spell out the rules and regulations regarding the removal of a user from the network, changing passwords, limiting access, etc., Along the same lines, also cover new user initiation into the IT network.
  3. Include policies for data sharing–which data can be shared, where and by whom, who has access, the level of data access rights, etc.
  4. Spell out the plan of action to be taken in the event of a cybersecurity breach. Whom to contact, how to quarantine the affected systems, what steps are to be taken from the legal perspective (disclosure of the breach, data security violation penalties, and so on…) how to prevent such future events, etc.,
  5. Your cybersecurity checklist should not only cover the digital aspect of IT security, but also the physical aspect of it. Establish rules and regulations for physical access to data.

Interested in learning more? Watch out for our next blog that offers pointers on IT training, data backup and BYOD checklists.

Whether you have your in-house IT team, or have outsourced your IT needs to be taken care of by a Managed Services Provider, you need to know what are the possible risks to your business from the IT perspective. Having an IT risk checklist can help you be better prepared for an IT emergency.

Getting started

In order to assess your IT risks, you need to first know your IT landscape. Answer questions like

  • What role is IT going to play in the success of your business
  • What areas is IT supporting your business in, currently
  • What new roles can you foresee for IT in improving your business efficiency
  • Do you have any new technology in mind that you want to implement in the next year
  • If you have your in-house IT team, what kind of staff structure do you see in the next year
  • If you are planning to expand your in-house IT team, how many team members will you need to bring onboard and what will be the cost associated with this decision
  • Would it be more effective and efficient to hire an MSP instead to supplement your in-house IT department
  • What is your IT budget for the year

The checklist for your IT risks

The next step would be to create a checklist of your IT risks. At this stage, you should be answering questions like

      • What IT risks are most relevant to you? For example, data privacy is a serious concern for a business operating in healthcare, while phishing can be a bigger concern for an accounting firm. Another angle to look into are environmental risks. For example, do you operate in a hurricane-prone area, or someplace prone to wildfires? Make a list of risks most relevant to you and assess the possibility of them happening to you. Such assessments will help you arrive at the key safety measures that you need to take, as a business, to keep your data safe.
      •  

      • In the worst case scenario, if your IT infrastructure were to fail, how long can you survive before it will be difficult for you to bounce back? Can your business operate without your key IT systems working? If not, how long can you afford to keep it shut?

      Whether you have your in-house IT team or rely on an MSP for your IT maintenance, this exercise will help you understand your key IT goals and the possible impediments to them, and help you survive in the event of an IT emergency.

As a business, you are probably aware of the term, cyber insurance. With the cybercrime rates rising consistently, cyber insurance is increasingly becoming a necessity for survival. Here are a few things to consider before you sign up with a cyber insurance service provider.

Risk analysis

First, perform an internal risk analysis. Research to understand what kind of cybercrimes are most rampant in your industry and ensure your insurance policy covers those for sure. Like we discussed before, the most basic of cyber insurance covers data breach and associated costs, but you definitely want more than just that.

What is the scope of your policy

Be clear about the scope of your policy before you sign the dotted line. Remember that cyber insurance functions on the same principles and policies as like any other insurance, which means there will be deductibles, waiting periods and exclusions. Be sure to ask your insurance service provider about them. You don’t want to find out you weren’t covered by insurance until after the attack, at the time of claim. Here are a few things to ask your insurance company in this regard.

  1. Does the policy cover you if a breach happens via your sub-contractor or vendor and makes you liable to your clients? If your cyber insurance doesn’t cover those, then make sure your vendors and sub-contractors have cyber insurance to cover you or sign some kind of an indemnity contract with them so you are covered in the event of such incidents.
  2. In case of an action by your employee causing the breach, such as clicking on a fraudulent link or sharing data accidentally to a dubious email ID, will you still be covered?
  3. Ask your insurance provider to clearly spell out any deductibles, exclusions and window periods that may exist
  4. Check with your insurance provider on what would be your liabilities as the insured. For example, there may be rules regarding anti-virus measures, data safety and security measures, IT training, timely data backups and IT audits, etc., that you may have to follow in order to be eligible to be covered under the insurance in the event of a breach

Before you sign up, do your research thoroughly, get proposals from multiple insurance service providers and opt for a policy that covers your needs the most and the best. Sometimes, service providers may be willing to make additions or modifications to an existing policy to meet your exact requirements, which may work best for you.

Cyber insurance covers a range of elements, the most basic being the legal expenses incurred as a result of falling victim to cybercrime. This includes legal fees, expenses, and even any fines that you may have to pay or financial settlements that have to make with your customers or third parties who have been affected as a result of the incident. Apart from this, depending on the coverage you opt for, your cyber insurance may cover the following.

Notification costs

In the event of a data breach, the business is required to inform all affected parties of the breach. This involves reaching out to them individually and also through the press. Cyber insurance may cover the costs related to this process.

Restoration costs

After a cybercriminal attacks your IT infrastructure, you will have to spend money restoring it. There will be considerable expense in terms of recovering the lost data and repairing or replacing affected IT systems.

Analysis costs

In the event of a data breach, you will have to conduct a forensic analysis to identify the root cause of the breach and figure out how to prevent further occurrences. Cyber insurance may cover the costs of such an investigation.

Downtime costs

When your business operations shut down, even temporarily, due to IT issues, you lose revenue. You could get a cyber insurance policy to cover such downtime costs.

Extortion money

In some cases of data theft like a ransomware attack, cybercriminals usually demand a certain amount of money as ransom or extortion to let you access it again. Considering how rampant ransomware attacks are these days, it may make sense to opt for a policy that covers this angle as well.

How much does cyber insurance typically cost

Depending on the coverage and risk, annual cyber insurance costs range anywhere from $1000 a month to about a million dollars. But, what you need to ask yourself is, how much can it cost you if you ignored cyber insurance? The answer is, it could cost you your business, your customers and your brand reputation. With cybercrimes rising at alarming rates, cyber insurance is not a luxury that only the big players should invest in. It is the need of the hour for any business, irrespective of its industry or size.