Does My Company Really Need to Outsource IT Support?
With the recent news about Facebook, foreign agents and massive data leaks from industry stalwarts like Equifax and Under Armour, do you feel confident in your knowledge about what exactly you're going up against? Don’t feel discouraged if not - with the internet and accessibility constantly evolving, even the most seasoned IT professionals hesitate when answering that question.
Though a lot of companies are turning to internal or external managed IT services, those organizations without either are falling behind and risking a serious business liability without some sort of prevention or insurance. The most common cause for an absence of preparedness? A lack of knowledge surrounding the issue.
Many business owners or decision makers that fall into this category are already strapped for time with managing their day-to-day responsibilities. Ensuring employees and clients are happy and maintaining a healthy bottom line are usually the top priorities, while things like cybersecurity fall to the wayside. The catch-22 with this line of thinking, though, is that this is the precise reason data leaks are so rampant, and will only continue to get worse in the coming months.
We sat down with our in-house Virtual Chief of Information (vCIO), Jeff Blount, to address some of the more frequently asked questions he's seen while consulting with businesses. Keep in mind that though this is by no means a definitive guide, we do hope it will help you become more informed and better able to protect your business from an intrusion.
what is cyber security?
Cyber security is any form of practice, technology, or process that helps to protect networked computers from unauthorized use or harm. There are a number of simple ways to protect your software from unwelcome visitors. The most basic form of cybersecurity? Keeping your passwords and usernames private.
Make sure you are setting passwords that are difficult to decipher, never directly open links sent to you in an email without verifying the sender, and regularly update your computer to the newest programs provided by the system you use. By following these basic practices, you are headed in the right direction toward a protected workstation.
But did you know the most effective form of intrusion doesn't require any knowledge of programming code, an advanced digital skill set or even access to any computer owned by your company?
The art of social engineering
You never truly know who's on the other end of the computer (or phone). Some of the worst data leaks have occurred when the hacker didn't actually perform any sort of "hacking" at all. Using just a phone and the internet, someone can gain access to your account by manipulating basic human emotions. It's surprisingly effective for someone to pose as the business owner and receive all employee W-2 tax information or, as in the case of this video, pretend to be your significant other and take complete control of your accounts with help from your own support team.
Prevention of this really is comes down to ensuring your team is vigilant. Your biggest liability are your employees and users. Post-intrusion, the only thing that your business can really rely on is cybersecurity insurance. Pre-intrusion, your best bet is to protect your business from two angles:
First, take stock of the current processes in place. Think of your business as a gated community. There should be only one way in to the community - through the firewall (security guard shack). From there, evaluate the layers you have from that entrance point to the "safe" of sensitive data in each house/division of your company. Is there a lock on the front door of each? Who has a key to that lock? Ensure that there are layers of protection in place with only mindful employees maintaining access - accountability plays a huge role in data protection.
On the user side, keep your staff trained with periodic security sessions, checkups and other frequent reminders. Ensure there is a system of checks and balances in addition to your policies and procedures. Before an intrusion takes place, it seems like common sense to avoid it. Instill that common sense by exposing them to the threats they may face and what should trigger a suspicion. Education and repetition breeds common sense.
What is malicious software?
Malicious software, or "malware" for short, includes any software that is intrusive, unauthorized, or destructive to your computer’s system and networks. Bots, trojans, spyware, worms, and viruses are all common forms. Malware targets your computer’s software and hardware.
Anti-malware software protects your computer system from viruses, rootkits, ransomware, and spyware. It can be purchased as a cloud service or as off-the-shelf software. It is up to you to decide which route you’d like to go, as both options have their benefits.
Keep in mind that the software will differ based on the system you are working with, whether it be Mac or PC. Although powerful, it's hard for any one solution to catch all instances of infection, especially considering there are newer, more refined versions being released every day. Consider a second solution such as Malwarebytes, Antimalware or HouseCall to run intermittently between sweeps of your primary program to ensure that nothing was missed.
How can outsourced IT support help manage my network security?
There's only so much you can do on your own when it comes to keeping your computer systems secure. IT services companies have fully dedicated teams of professionals constantly evaluating your network for weaknesses and vulnerabilities.
The biggest difference you should take into consideration is the service model of a company. Most IT companies operate on a break-fix model, meaning that they arrive to clean up a situation once an issue occurs. Basically, break-fix services are like 911 emergency services after a break-in, arriving to contain the damage and investigate the cause and culprit. Unfortunately, the bill for services rendered by these support teams is likely to jump substantially in the event of a disaster. This model does work for some companies, though - usually those with an IT department in place that need help after an intrusion.
Companies that want 24/7 monitoring and end-to-end support should consider a proactive IT support company. While break-fix models typically incur downtime while the issue is being resolved, proactive IT support specializes in preventative maintenance, addressing weaknesses before an intrusion or hack occurs. Proactive managed IT services are a great fit for any company looking for on-going support and technical expertise with a simple monthly cost that doesn't fluctuate.
If you or a decision-maker is still on the fence about investing in an IT solution, be sure to download our "5 Consequences of Not Investing in Technology for Your Business" checklist. It outlines the five most common problems that organizations of any size run into without a IT solution in place.