• December 28, 2022
  • Catagory SMBs

Technology trends for SMBs to watch in 2023

By : Sanjeev Spolia

The cloud has leveled the playing field for small and medium-sized businesses (SMBs), enabling them to scale up and compete with bigger players, but keeping on top of technology trends can be daunting and overwhelming.

Here’s what you should keep an eye in 2023.

Security

We’ve already dove into what’s in store for cybersecurity in 2023, but we can’t overstate the importance of understanding the threats that are out there and growing, as well as the technologies at risk and those that can help you improve your security posture.

Remote work management

Tightly tied to security is your ability to manage remote workers. The hybrid workplace is likely here to stay, so you need to have solutions in place to support employees wherever they are, including best practices for onboarding them and closing off their access should they leave the organization.

Collaboration tools

No matter where your employees work, the ability to efficiently collaborate gives SMBs a competitive edge no matter your industry, and it helps to attract and retain talent. You must have a platform in place for management of files, chat, video meeting and communications to avoid employees getting siloed so they can be efficient, collaborate and engaged. Securely, of course.

Automation

SMBs who want to be nimble and keep pace with larger competitors must look at where they can automate – IT teams need to be able to focus on strategic initiatives such as digital transformation, not every minor aspect of onboarding and managing remote workers including identity management. Having strong polices in place supported by automation will relieve pressure on IT staff and contribute to a better security posture

Sustainability

Businesses of all sizes including SMBs will be under increased pressure to make sure they’re lowering their carbon footprint with more sustainable technology, whether it’s on-premises IT infrastructure or what they’re purchasing through suppliers, including their managed service provider, right down to the chips powering the servers. Reducing your carbon footprint is an opportunity to streamline the technology you’re running and the data you’re storing, so you’re not spending money using energy unnecessarily.

What won’t change in 2023 is that keeping up with technology trends can be daunting for SMBs, which is why you should consider working with a managed service provider to best understand how to adopt and adapt to optimize your operations and improve your bottom line.

  • December 15, 2022
  • Catagory cybersecurity

How Cybersecurity is Shaping Up for 2023

By : Justin Folkerts

Remote work during the pandemic and the current dynamic of hybrid workplaces has had a strong impact on how you must manage cybersecurity. Remote work isn’t going away, while other longstanding trends as well as new realities will affect cybersecurity in 2023.

Ransomware remains a major threat

Expect ransomware attacks to continue to be a factor in your cybersecurity planning, as threat actors move from encrypting files to targeting third-party cloud providers while continuing to use aggressive, high-pressure tactics to extort victims, including data-encrypting malware and more novel infiltration approaches.

Global geopolitics will affect your business

The ongoing conflict in Europe will mean some of those ransomware threats will come from Russia. Overall, 2023 is going to begin with a great deal of uncertainly and tension, with more state-sponsored threat actors looking to destabilize global economies and specific industry sectors such as logistics and shipping, energy, semiconductors, and financial services.

Zero Trust adoption will grow

With more workloads being moved to the cloud, a Zero Trust approach to security will become more compelling and necessary in 2023, transforming how you secure your infrastructure, including network penetration testing.

Automation will increase, too

It’s near impossible for organizations of any size regardless of budget to keep up with the volume of threats, which means 2023 will see even more automated cybersecurity, enabled by artificial intelligence (AI) and machine learning. The downside is the bad guys can leverage automation and AI, too, which means organizations will need to take a more active approach to cybersecurity.

Watch out for bots

Speaking of automated bad guys, be prepared for more bot activity in 2023, which can automate and expand attacks as perpetrators rent out IP addresses to make it difficult to track them.

Your own IT is a threat

Between shadow IT and the proliferation of endpoints either due to remote work or internet of things (IoT), there’s no shortage of attack surfaces for threat actors in 2023. If your endpoints aren’t properly configured and you’re not keeping a handle on shadow IT, your cybersecurity posture will be drastically weakened.

You people can still be a problem

Even with all the right technology in place, the biggest threat cybersecurity in 2023 will continue to be your own people, whether it’s by accident or due to insider threats from unhappy or former employees. Training combined with a Zero Trust approach will mitigate risk to your business.

What won’t change in 2023 is that cybersecurity isn’t something most organizations can handle on their own, so if you haven’t already, make it the year you see how a managed service provider can help evaluate and shore up your security posture.

  • November 30, 2022
  • Catagory Managed IT Services

Your Security Strategy Should Include MDR

By : Justin Folkerts

Implementing security technologies such as a Security Information and Event Management (SIEM) platform will only protect your organization if they are effectively managed, which is why you must consider embracing managed detection and response (MDR).

MDR isn’t a technology, it’s a service with SIEM acting as key pillar of its foundation, as well as endpoint detection and response (EDR). Delivered by a third-party service provider, it allows you to tap into cybersecurity expertise that’s in high demand and difficult to attract and cultivate internally. Your managed service provider (MSP) is a great resource for accessing MDR and a team of skilled professionals who can help you manage and optimize your security.

It’s also more proactive – security experts on staff with your service provider leverage SIEM and EDR to monitor and analyze events so they can identify dangerous threats before they can have a negative impact on your business. MDR delivered by an MSP is better able to keep up with volume of anomalous events to discern whether they will result in a serious data breach or malicious attack by a threat actor.

The most compelling reason to seek out a service provider who can deliver MDR is they can do it 24 hours a day, 7 days a week, 365 days a year. For most small and medium sized businesses, it’s simply mot feasible to staff your IT team with security experts all the time, including holidays. Even if you can attract the skilled personnel, it’s better to have them focused on more strategic IT and security initiatives. An MDR provider reduces the burden on your own people, so they have more time to breath, given all their other responsibilities.

An MDR analyst with the latest and greatest tools can better sift through the vast amounts of data being ingested from different sources and endpoints and analyze it. They are also able  to understand how to automate security tools to work more effectively so they’re only handling incidents that require human intervention. Their ability to interpret data not only helps them prevent and mitigate vulnerabilities, but also prevent future attacks by applying lessons learned to make your organization more resilient.

A managed service provider is best equipped to optimize security platforms including SIEM and EDR as part of an MDR solution because they can better access and scale these advanced security tools and the necessary skilled professionals capable of using them effectively.

  • November 16, 2022
  • Catagory Data Protection

What is SIEM and Why Do You Need It?

By : Justin Folkerts

The cybersecurity landscape is replete with acronyms, and it can be hard to figure out which ones matter to your business. SIEM stands for Security Information and Event Management, and it’s something you should be leveraging to keep your organization safe.

Pronounced “sim,” SIEM is a software-based cybersecurity technology that gives you a single, streamlined view of your data along with your operational capabilities and security at activities to you can better detect, investigate, and mitigate threats. SIEM bolsters your security posture by providing this visibility in real-time and encompasses your entire environment, no matter how distributed – and it likely is in this era of increased remote and hybrid work.

If you’re worried that SIEM is yet another massive software deployment, there’s good news: it can be cloud-based and configured to monitor your on-premises, hybrid and cloud infrastructure while tapping into a broad array of security tools and technologies.

How SIEM works

SIEM thrives on having a lot of data sources to monitor. It ingests as much data as possible on the hunt for unusual activity that represents a threat actor trying to gain access to your systems or making trouble once they’re already in. Combined with its ability to give you a real-time snapshot of your IT infrastructure and keep logs to support your compliance obligations, SIEM gives you the ability analyze data from network applications and hardware, and cloud and software-as-a-service (SaaS) solutions — all in real time so you can stay top of threats, whether they’re internal or external.

SIEM monitors network devices such as wireless access points, routers, and switches, bridges, as well as the software running on them. It also pulls data from security devices such as firewalls, antivirus software, and intrusion detection appliances, as well as devices and activity related to remote work. Users, event types, IP addresses, memory, and processes are all monitored for signs of exceptional activity – everything from potential malware to a failed login so that any deviations are flagged for security analysts to investigate.

Essentially, your SIEM is a security command center that pulls together all event data into a single location but adds useful context for analysts so they can prioritize what to respond to and investigate. Everything is presented on dashboards, including an overview of notable events with details, risk analysis, and a workbook of all open notifications. Intelligence from users, threats, protocols, and the web are all brought together.

How SIEM helps

SIEM offers many benefits for organizations looking to improve their security posture.

It provides a high level of visibility to help your security teams see everything across your IT infrastructure, including remote endpoints. The right SIEM solution also reduces the number of false alerts, so your IT teams aren’t spinning their wheels and are able to focus on detecting and investigating actual threats. SIEM is also flexible so you can integrate it into your environment with all its unique characteristics that are driven by your industry, including any compliance obligations.

Most of all, SIEM is something your managed service provider can help you with, so you’re not faced with another onerous software deployment. They can help you select, deploy, and even manage the right SIEM solution so you can get the visibility you need to improve your security posture.

  • October 27, 2022
  • Catagory Managed IT Services

Your Printers Need Good Cybersecurity, Too

By : Justin Folkerts

Today’s smart printers must be protected like any other endpoint in your organization – because most printers today are multi-function devices with onboard storage and are part of your office network, threat actors see them as a prime target.

If you’ve not thought to include your printing infrastructure as part of your overall security strategy, now’s the time – and your managed service provider can help.

Believe or not, your printer is one the most vulnerable endpoints on your network, and a hacked printer will at the very least inconvenience your users and possibly threaten your entire business. In the same way that an employee smartphone or remote worker’s laptop is a gateway to mission critical systems and information on your enterprise network, your fleet of printers represent computing endpoints that can be hacked.

Just as people used to send funny jokes via fax machines, networked printers are now the target of pranks, with hackers infiltrating through open printer ports to execute bogus test page with messages on them to let the organization they’ve been breached. More extreme examples involve hackers using unsecured printers to spew out ads and random documents no one your company wants – and wasting paper is the least of your worries.

If your networked printer gets hijacked, you should be as alarmed as if your laptop screen was suddenly filled with pop up ads. And just like your laptop – or smartphone – a printer is a great jumping off point for threat actors to sneak into your office network while your users are distracted by failed print jobs.

You may not even get any indication your printer has been compromised. Rather than bother with silly pranks, a serious hacker will use their access to move around your network until they find a way to do serious damage by stealing data or holding it hostage with ransomware. Before you realize it you’ve been compromised, it may be too late to prevent damage to your business and reputation.

But like any endpoint, a network printer can be secured by following protocols that prevent them from being accessed remotely or by unauthorized users. A managed service provider can help you audit and secure your printer fleet as part of a broader strategy to secure your IT infrastructure.

  • October 13, 2022
  • Catagory cloud backup

5 To Dos for Your Cloud Backup and Recovery Checklist

By : Sanjeev Spolia

If it’s not a matter of if disaster strikes, it’s when. You need a comprehensive checklist for your cloud backup and data recovery procedure if you want to avoid a disruption to your business and your customers.

This checklist isn’t a one and done, either. You’ll want to revisit it regularly to tweak your processes and the cloud backup and data recovery tools you have in place. Here are five key things every checklist should have:

  • Write it down: Document your cloud backup and data recovery procedure and be sure to have a hard copy. It should be a living document that you revisit regularly and outline all mission-critical applications and interdependencies – you can group them together and ensure all connected applications and their data safeguarded equally. Your plan should also detail the roles and responsibilities for everyone involved in executing it, so they know what needs to be done to restore primary systems from a cloud backup.
  • Set your objectives: When you lose data, applications become unavailable. A recovery time objective (RTO) gives you a deadline as to how long you can go without an application and decides how much time it will take to recover after the disaster strikes. A recovery point objective (RPO) directs you were to focus your efforts so you prioritize the data you restore from cloud backup – an RPO defines how much data you can afford to lose in an outage scenario and can guide you on how frequently application data must be backed up.
  • Add redundancy: Complexity should always be avoided, but don’t streamline your storage as far as to put all your eggs in one basket – be sure your cloud backup service provider has adequate redundancy and consider having data storage options that aren’t on your network to protect it from ransomware.
  • Bolster your network: You need a secure and robust network to support your cloud backup and data recovery. Employing deduplication will help you reduce the pressure on your networking and storage resources because you’re only moving data you need to. Meanwhile, make sure data is encrypted when in transit and at a rest.
  • Never stop testing: You must test your cloud backup and data recovery procedures by running regular fire drills. This will provide peace of mind that you can completely recover all data and applications as determined by your RPOs and RTOs. Be sure to monitor and verify that cloud backup and replication processes are taking place, that your destination storage media is operating, and that you can easily restore mission critical data with ease.

An ounce of prevention is worth a pound of cure. By having a checklist in place for your cloud backup and data recovery procedure, you can bounce back from a disruption with minimal impact on your business and to your customers.

  • September 29, 2022
  • Catagory sustainability

Are You Thinking About Sustainability?

By : Sanjeev Spolia

You’ve probably noticed that your customers are taking sustainability more seriously, which means going green should be a priority for your business, too – this can include how you procure technology services.

Sustainability has become table stakes – it’s now a “must have” rather than just a “nice to have.” You can express your dedication to sustainability by how you engage with suppliers, and there’s also business benefits to be had.

With many organizations and industries setting a deadline for 2030 to become carbon neutral, you and your managed service provider (MSP) can play a role in reversing the trajectory of greenhouse gas emissions. Having a sustainability focus also opens the door for financial products to help you go green, including the necessary partnerships to adopt renewable energy, including wind and solar. This falls under what is called environmental, social and governance (ESG) management, including related risk mitigation – sustainable business practices and minimizing environmentally unfriendly operations are now being viewed as a corporate obligation, according to research by KPMG.

Your IT infrastructure plays a role in the environmental aspect of ESG, whether it’s your own on-premises data center or that of your MSP, spanning the design, building or operations – each stage brings with it environmental concerns such as greenhouse gas emissions, pollutants, climate risk, and water efficiency. The sustainability of data centers also extends to every supplier, including the backup generators that turn on in the event of a disruption to primary power – these generators tend to rely on diesel fuel. In the meantime, fossil fuels are burned whenever a technician must drive from one location to another – every aspect of data center operation affects sustainability.

Already there is a shift to exploring different technologies to replace diesel backup generators, including natural gas, but in the longer term, solar and wind are ideal. In the meantime, there are plenty of opportunities to work with suppliers to understand how they can collaborate on sustainability, and that includes your MSP.

Your MSP is likely already facing expectations from other customers to be greener and reduce their overall footprint, including data center operations. An obvious metric for data center sustainability is how it’s powered – hydro electricity is preferred over energy generated by coal, for example. Everything that goes into a data center and your IT infrastructure has a carbon footprint, which means there’s the potential to score it for sustainability.

If you’re already making efforts to go green in your office environment through recycling, managed print services and document management to reduce paper, consider going the next step with the help of your MSP to see how you can make your increase the sustainability of your IT infrastructure.

  • September 15, 2022
  • Catagory IT management

Are you ready to support the hybrid office?

By : Sanjeev Spolia

If you’ve got employees coming back to the office while still allowing staff to work from home, you’ve created a hybrid office environment that can create challenges when onboarding staff, providing ongoing support, and securing a vast array of endpoints.

In some ways, having everyone work remote is more straightforward – when you have employees coming and going from the office, the environment becomes even more dynamic because the definition of hybrid work can vary depending on how you manage it and company policy. Consider the different scenarios:

  • The “at-will and remote-first” approach means employees are empowered to prioritize working remotely
  • An “office-first” policy falls at the other end of the spectrum and resets the organization to pre-pandemic norms
  • “Split weeks” mean days are assigned as either remote or office-based according to a schedule while certain employees might be assigned to be in the office on a week-by-week basis
  • Some organizations are designating who must be in the office and who can work from home on a team-by-team basis

No matter what you choose, a hybrid work environment reinforces the need for a cloud-first approach for business applications and robust cybersecurity. You also need to support collaboration for remote workers and those who opt to be back in the office – and everything in between. A hybrid approach may also mean people no longer have assigned workspaces – hotdesking adds complexity to workstation support and endpoint security, which should always be a high priority. Employees who are on the move risk bringing threats to the office with them.

The emergence of the hybrid office comes at a time when threat actors are upping the ante and exploiting as many attack surfaces as they can – it’s can be difficult for your IT team to keep on top of everything and it takes time away from more strategic initiatives such as digital transformation.

Even before the pandemic and shift to remote work, your IT team was under a lot of pressure to secure infrastructure and protect customer data. If you haven’t already turned to your managed service provider (MSP) to help you bolster cybersecurity, a hybrid work environment should be your tipping point. They can take charge of many security tasks that can otherwise bog down your IT staff, such as overseeing antivirus software and firewalls, and even identity management for all workers, no matter where they decide to work.

If your MSP is helping you with a cloud-first approach, they’re able to monitor your end-to-end infrastructure, including every workstation in the office or at an employee’s home office. They can take charge of onboarding employees so they can access business applications from anywhere and deliver security training services.

Getting a handle on what the hybrid work environment means for your business and relevant IT requirements is an excellent opportunity to expand your relationship with your MSP. Not only can they securely provision and manage the services you need, but also help you better understand your workforce in this new, dynamic landscape so you can enhance service delivery to your customers and maximize employee productivity.

  • August 31, 2022
  • Catagory cybersecurity

Insurance not a substitute for good cybersecurity

By : Justin Folkerts

You don’t use auto insurance as an excuse to drive recklessly, so why would you cut corners on cybersecurity because you have ransomware insurance?

With ransomware attacks doubling in 2021 compared to the previous year – due in large part to the massive shift to remote work – the average cost of a data breach grew to record levels by more than 10% in 2021 as threat actors took advantage of a broader attack surface that resulted from a hybrid work environment.

Much of the costs of these breaches were covered by insurance, including ransom payments, but cybersecurity insurance providers are becoming more selective with their coverage as payouts have increased – qualification processes are more rigorous and the threshold for a payout is getting higher.

If you were depending on cybersecurity insurance without a data protection strategy, you need to seriously rethink how you implement security in your organization.

As ransomware attacks rise, so do premiums

For starters, the number of ransomware attacks is only going to get higher as more and more threat actors with a wide array of experience and expertise look to make money off data breaches – cybersecurity insurance is not going to be enough to save your business.

It’s not that you should cancel your insurance – you should be prepared to pay more – but you must also have people, processes, and technology in place to secure your business and sensitive customer data. Making an insurance claim should be a last resort – no matter how much you pay for it, it won’t bring your data back if you fall victim to a successful attack.

You really don’t want to be paying the ransom, even though many companies go that route – that only emboldens the bad guys to keep at it. Some insurance companies are no longer even covering ransomware payouts. If cybersecurity insurance premiums are going up and not covering what they used to, it’s time to implement better security practices – prevention is much more affordable in the long run.

Your MSP can help you up your security game

Cybersecurity awareness should be something that touches everyone in your organization, including the understanding that a data breach costs the business money – and your insurance provider expects you to raise your game to take a more proactive stance with security.

Even if you’ve put the effort into your cybersecurity, keeping it current and staying on top of all the threats can be daunting. With so many systems, endpoints and users, visibility is you biggest challenge, and understanding the threats, attack surfaces and vulnerabilities requires a great deal of time and resources, including skilled people.

That’s why you should turn to your managed service provider for guidance – they’ve got to contend with rising insurance premiums too and know that prevention is better than getting the cost of a ransomware attack covered. They already have visibility into your infrastructure and can help you put all the people, processes, and technology in place so you can qualify for cybersecurity insurance but hopefully never have to use it.

  • August 17, 2022
  • Catagory Collaboration

Have you talked to your MSP lately?

By : Sanjeev Spolia

Most businesses turn to their managed service provider (MSP) to solve a specific pain point, and if things are running smoothly, there’s little ongoing communication. However, having a regular chat with your MSP can not only identify issues that need solving, but also help you grow your business while improving their service delivery.

Having a channel open to your MSP is an opportunity for you to share your operational challenges so it can identify potential solutions. You may already rely on your MSP for cloud backup services, but not realize it can assist you on other fronts – better deploying applications and services for remote workers, for example, or bolstering your endpoint security.

Even if your MSP is already taking care of more than one process or application, there may other opportunities to better leverage them or even combine them to realize new efficiencies. Fully exploiting technologies can also provide a foundation for launching new services for your customers and improving their overall experience.

But if you’re not collaborating with your MSP, you’re not going to be able to fully capitalize on those opportunities.

How to keep the lines of communications open

Any MSP that cares about its customers will have some framework in place to have regular conversations with its customers.

If you’re not already checking in with your account manager at your MSP, you should get into the habit of checking in at least quarterly – if they’re not pushing for it, you should be. Scheduling a regular chat is that opportunity for you to share feedback about the services you’re already using and what other issues you’re having that they can help you with.

Beyond a regular one-on-one conversation, check to see if your MSP has anything more formal or expansive if place to keep the lines of communication open. Some MSPs run a customer advisory board (CAB) so they can keep tabs on how their customers are doing, their challenges and how they see technology playing a role in growing their business. They may also run webinars around specific offerings, sometimes in collaboration with vendors and research analysts.

Participating in your MSP’s CAB allows you to share in the impact of their service offerings on your business as well as learn how their other customers are using their services as well as technologies from different vendors. Another customer may have solved a pain point you’re looking to solve or have leveraged technologies you haven’t to grow their business and improve customer satisfaction.

Whether it’s through a CAB or something less formal, regular conversations with your MSP can also open a channel to vendors and industry experts such as research analysts who can share insights on how different technologies are evolving and the opportunities that come with them. You may even be able to test some applications and services free of charge to provide feedback that improves them.

The more interaction you have with your MSP, vendors and other customers, the more opportunities there are for knowledge gain that can help overcome challenges and grow your business.