Why Choosing a Managed IT Provider on Price Alone is Going to Cost You

Shopping for IT companies on price alone is tantamount to comparing bruised apples to a tender steak. There is no comparison.

It’s understandable when businesses shop for an IT provider based on price but just about every managed IT provider offers a different service so it’s impossible to get an apples-to-apples comparison. Some only fix things as they break. Some are one-and-two-person shops and don’t have the capacity to serve your business. Other IT providers include regular strategic meetings to plan your IT to meet your future goals, use industry best practices and have essential expertise in areas like compliance and security.

This is not to suggest that price considerations be thrown out the window. Price is just one decision-making factor. It’s important to get the level of service, expertise and protection that are going to help your business thrive, grow and achieve your goals.

Choosing your IT provider on price alone is going to cost you: downtime, solutions you may not need, more time spent troubleshooting network issues, security breaches, slow resolution times and a lack of strategic IT planning.

We recommend shopping around and talking to several IT providers. To help you make the best decision for your company, we’ve put together this list:

 7 Things to Ask Managed IT Providers Before You Choose One

1.      How can they align your IT with your business goals?

Technology can and should support your strategic direction just as much as it provides for your day-to-day operations. An IT expert should be there to advise you on how to align your IT with your business goals. Without regular meetings to discuss this essential strategic alignment, your IT provider can’t know what your needs really are. And neither will you. At Deerwood Technologies, we meet with clients regularly and provide quarterly reports that show clients how we are managing their IT and any recommendations we have to keep your IT on track to support your business.

2.      What solutions do they sell?

If they are constantly pushing one vendor, then their focus isn’t on finding the most sensible solutions for your business. They’re more focused on a one-size-fits-all model. Not only does that present specific problems for some industries (such as compliance and integration with line-of-business software), but it underscores that the IT provider is not really going to be a provider who aligns technology with your strategic vision.

3.      What security services are included in their managed services offering?

So many businesses are surprised to learn that having an IT provider doesn’t mean you have good security coverage. Or any, for that matter. Firewalls and antivirus protection are not adequate. Security should be integral into every aspect of your IT environment. Add-ons or ad-hoc solutions will do little to protect your business. Be sure you seek out a firm that has in-house security experts that can offer in-depth, specific recommendations based on your company’s existing environment, needs and goals.

4.      What steps do they take to prevent problems on the network?

IT companies that only fix things are not strategic, are not going to align with your goals and are not going to take steps to prevent things from breaking in the first place. This includes running patches, monitoring, automated alerts and threat detection.

5.      What is their documentation policy?

Documentation is the unsung hero of quality IT care. It’s the systematic record-keeping of your entire IT environment: servers, switches, configurations, software, passwords and so on. This level of information ensures continuous coverage of your IT and makes it possible for you to move to another IT provider with relatively little disruption or confusion on the new IT provider’s part. It also ensures you have what you need to your own systems.

6.      What can they tell you about their standard procedures?

Standard procedures are a great indication of a mature company that has expertise and understands the IT industry. If you say, “tell me about some of your standard procedures” and you get a deer-in-the-headlights response, it’s a red flag.

7.      Do they have referrals you can call?

Credibility is crucial. Ask for referrals and follow through on the phone calls. When you speak to their referral companies, ask questions. Here are two we recommend: 1. How long does it take to get critical problems resolved? 2. What is the IT provider doing to ensure your security?

The important thing to remember is that your IT provider should be able to strategically align with your business and take the burdens of IT off your shoulders.

Outsourcing your IT? Make sure you put your business in expert hands. Contact us today online or call us at 218-534-5357.

How Outsourcing Cybersecurity Can Reduce Risk for Small Businesses

Approximately 60% of small- and medium-sized businesses that are subject to a cyberattack go out of business within six months, according to the U.S. National Cyber Security Alliance. Multiple studies show cybersecurity attacks are increasingly targeting small businesses as criminals recognize the ease of which they can often infiltrate businesses.

Along with this rise is an industry-wide shortage of IT security expertise, leaving many small- and mid-sized businesses crippled and vulnerable. As you work to understand how to navigate your IT security with these challenges, consider outsourcing your IT.

Outsourcing allows small and large businesses to leverage economies of scale for their IT needs. A recent study from Computer Economics found that security was the fastest growing IT role being outsourced. It’s little surprise, as more companies recognize they can’t insource the right skills to address these varied and complex threats and keep their company safe. That makes security a priority for outsourcing.

By choosing to leverage external resources, these companies can refocus on their core competencies and offload the external pressures created by an ever-changing IT threat landscape, increasing complexities presented by technology and the scarcity of IT employees who can navigate these challenges at a fair price.

There are several benefits to outsourcing IT, especially when it comes to improving your security. Here are our top 5:

  1. Expert IT security you can afford

Comprehensive IT security management calls for expertise in diverse skill areas, typically requiring multiple specialists. At the same time, there is a market-wide shortage of these skills. Hiring and retaining workers with the requisite skills to protect your company is expensive and uncertain. In contrast, you can access a team of such experts by outsourcing and pay flat fees with relative certainty that your IT team is going to be there, protecting you around the clock.

  1. Focus on your core business

Outsourcing your IT even partially can free up critical resources to focus on the core of your business. Your existing IT team can manage infrastructure and all those “keeping the lights on” tasks or turn their attention to strategic initiatives to make your business more effective and competitive. For example, outsourcing your IT security allows your staff technicians to focus on high-impact projects that lead to the success and growth of your business.

  1. Informed policy guidance

The IT threat landscape is always changing, and companies that don’t have a full, expert grasp of the extent of these security risks can’t adequately address them. Creating effective security policies takes in-depth experience that most IT generalists don’t possess. For instance, the IT staff in your company may not be able to accurately assess the effectiveness of your existing security policies or how well your company is keeping up with compliance requirements you’re required to follow.

  1. Unbiased checks and balances

Your IT security is best outsourced because it ensures some necessary degrees of separation between your company and your security checks and balances. Processes like security assessments and recommendations can become sensitive territory when managed internally. Outsourcing puts it in the hands of neutral parties who are fully vested in protecting your organization and can offer verification of that protection.

  1. Comprehensive security coverage

Most companies focus on infrastructure security measures, like firewalls, antivirus and spam-filtering but fail to address internal threats or physical security risks like inappropriate data access or removal and employee security lapses. These actually represent a large risk to organizations. Employees removing confidential information on a USB key or  a busy manager clicking on a phishing link can all have catastrophic results (Make sure you download our new tip sheet to avoid these common risks).

The nuances of these internal threats rely on trained security professionals. it’s not something you can have a regular IT person scout for with enough success to detect all the vulnerabilities.

Outsourcing your IT to a managed IT company with specific security expertise addresses security from all angles, covering your bases and providing safeguards and protections your internal IT staff often don’t have the experience, training and skills to implement and oversee. Given that 60% of small businesses suffering a serious cybersecurity incident go out of business within 6 months, outsourcing your IT security could be one of the most important decisions you make as a business owner.

Who is guarding your business? Contact us today to find out or call us at 218-534-5357.

4 Reasons Employee Cybersecurity Training is Important

When your employees get an email that looks like it’s from one of your clients, with a link to an invoice to pay, are you confident they won’t click on it? If one of your senior staffers gets an email from the CEO asking them to wire money to a different account, how confident are you that they won’t? What about when an employee is at home, checking their work email on their mobile device and gets an email asking them to take a free survey for a chance to win an iPad. What’s stopping them?

1. 91% of successful data breaches started with a spear phishing attack

Social engineering attacks, or phishing emails, can look very real for the busy and untrained eye. Even ones that are particularly sophisticated. Your employees’ level of awareness is your frontline defense against these kinds of emails.

Small- and mid-sized businesses are increasingly targeted with the simplest and most effective measures because, commonly, these businesses are easy prey. Employees are busy, untrained and likely can’t detect these emails. Hackers are banking on your employees not being able to detect the most basic phishing emails. And 9 out of 10 times, they’re right.

2. Security software is no match for a phishing email

As hackers have become more creative and have evolved their tactics, software has proven an unequivocal match in keeping these emails out of inboxes. Companies are spending money to upgrade or add new antivirus software, anti-malware systems, firewalls, spam filters and security analytics.

Of course, all of this is necessary, but it will not detect every threat. No IT company or solution provider can guarantee 100% protection because of the human element. That is to say, nobody can guarantee your employees won’t click the wrong thing and download malware. Even the best software can’t protect people from themselves.

3. Cybersecurity awareness training is one of the most cost-effective and powerful security solutions available

Most companies know they need some kind of security software, but without IT security experts guiding their decisions, they miss one of the most cost-effective methods for preventing successful attacks and the subsequent loss of data, money and reputation – ongoing cybersecurity awareness training for their staff.

According to Symantec’s annual benchmark report, in 2017 spear-phishing has emerged as the most widely used method for an attack.

Training employees is a low-cost solution and one of the most powerful solutions at protecting your network as it is effective in protecting your network. The responsibility to protect your network often falls on the shoulders of your unsuspecting employees, and it takes little more than a single click to wreak havoc on your network with ransomware, a breach of data, a cyberheist or something else.

No matter how well you fortify and protect with security solutions, your employees remain your weakest link.

4. The right cybersecurity awareness training keeps employees current on cyberthreats

With statistics that put employees in the hot seat for the majority of malware and phishing attacks, it’s clear the effectiveness of cybersecurity awareness training is paramount. Once per year training is inadequate at ensuring employees have the most current developments in hacking and cyberthreats. Sporadic training like this serves only to cover the rudimentary basics and often doesn’t measure how well employees grasped these concepts. When they’re exposed to sophisticated phishing attempts, they’re every bit as likely to succumb to them.

We recommend the following:

  • Ongoing education campaigns that rely on applicable knowledge
  • Continuous practical tests and evaluations to see how employees respond to phishing emails
  • Specific, tailored follow-up education for employees who demonstrate the need to maximize your success rate and address areas of weakness in your company

Employee cybersecurity training should be part of a holistic IT security plan that’s based on what you need and what works within your budget. Deerwood Technologies’ signature GUARDIAN Managed CyberSecurity services offer robust, proactive IT protection for commercial businesses and public sector agencies at an affordable price.

Will your employees know what to do when they get a phishing email? Contact the security experts at Deerwood Technologies and learn how to get ongoing, real-world training and curb the threats to your organization. Call us at 218-534-5357 or reach us online.

Why Your Small Business Needs Cybersecurity

In the IT world, cybercrimes and data breaches are becoming more and more common. And, unfortunately, it doesn’t matter what size your business is or what type of information your business has, everyone is fair game.

Most small businesses don’t think they’re a Target for Cyber Crime – They Are

Over 80% of small-medium-sized businesses believe they are not at risk of a cyberattack. Yet the 2017 State of SMB Cybersecurity Report indicates that over 61% of small businesses were breached between September 2016 and September 2017 with employee negligence being the No. 1 cause of a breach.

Small- and medium-sized businesses are a prime target for attackers because they tend to be easier targets. They’re often less secure and unprepared for attack. (Think about burglars that go after houses where they know no one is home – it’s a similar concept!)

You May Underestimate the Value of Your Information. You’re The Only One.

It doesn’t always seem like it, but every business has data worth stealing. Did you know that the average cost per lost or stolen record is $158? It may not seem like a lot, but this number grows quickly once these records are stolen by the hundreds or thousands. In the past year, the number of records stolen during SMB cybersecurity breaches has nearly doubled to 9,350 records. That means the average breach will cost a company $1,477,300.

What’s the Risk of Cyber Crime In a Small Business?

When you look at the risk of cybercrime, here are a few things to think about:

  • 61% of small businesses report experiencing a data breach in 2017.
  • 79% of small businesses do not have an incident response plan. Without one, you may never fully recover when a security incident becomes a reality.
  • Over 50% of U.S. companies’ sensitive data can be accessed via an employee’s smartphone or tablet.
  • The average cost of a data breach is estimated at a staggering $1.48 million per company.
  • 60% of companies that lose their data due to an attack or disaster will shut down within six months.

The Unseen Costs of a Breach

There’s a less obvious consequence from cyberattacks. Your company’s reputation. The reputable brand you’ve worked so painstakingly over the years to build and protect can be wiped out with one breach. Though it may not show up on a balance sheet, it’s a key component to your success.

Your current customers can lose confidence in your ability to keep their data safe and will question their loyalty to your business. Potential customers may see the breach and lose trust in you as a potential partner. Employees will question your management. Vendors might seek other partners, and competitors will seize on the opportunity as a competitive advantage.

If you have data, you’re a potential target. Small businesses in particular are increasingly at risk because criminals expect you to be an easy target. The costs can be overwhelming and staggering, and just one breach can cost you your reputation and your business.

Working with a managed IT company with specific expertise in IT security is a critical insurance policy to ensure the longevity of your business. Deerwood Technologies is the only IT company in the region with security skills in the specific disciplines required to give you the most comprehensive coverage, from defensive security to employee risk training.

Don’t make it easy for criminals; trust the security experts with your livelihood. Contact us today online or call us at 218-534-5357.

Information about Meltdown and Spectre Hardware Exploits

We provided the following to our GUARDIAN Support Clients on Friday:

Earlier this week the existence of two CPU related security vulnerabilities was released to the general public. These vulnerabilities affect most modern computing device processors (including Intel and AMD), and allow an unauthorized process access to privileged system memory.

There are currently no known active exploits of these vulnerabilities.

Microsoft has released a Security Only Update on January 3, 2018 to address this vulnerability for Windows devices. This patch has a known compatibility issue with most antivirus programs. If this patch is applied prior to pending updates by your antivirus vendor, your computer will not boot.

On January 9th Microsoft will be releasing their Monthly Security Patch Rollup, which contains the same patch, but will automatically detect if your antivirus software has been updated to be compatible.

Actions and plans: 

GUARDIAN Support clients will only need ensure your computers are left online during their normal patch cycle. Patches will automatically be deployed, in the correct order, over the next few days.

If you have any questions or specific concerns, please contact us.

Thank you for your business!

 

Sensitive data demands special attention

If you need to maintain compliance of any sort, your company needs to ensure that you’re up-to-date on all the proper requirements and regulations. Too many businesses run without sufficient policies, plans and procedures.
Join us for a 1-hour webinar, “5 Hidden Threats That Put your IT Systems at Risk” on January 10th at 1:00pm
 Thorough discovery and assessments BEFORE a regulatory audit can uncover security issues and provide corrective action to help avoid potential data breaches and fines.
Seating is limited, so register today.
Picture1 Picture2a

Do you have the budget, skills or resources to have inhouse experts devoted solely to cybersecurity?

Dedicated Cybersecurity Expertise Combined with Advanced Threat Intelligence

You may have employees who handle cybersecurity along with other general IT responsibilities, but that’s not enough. Through no fault of your own, you’re unprepared to protect against and remediate these cyber
threats. If you’re attacked, you won’t be ready.

A Managed Security Services Provider (MSSP) provides the proactive, preventative maintenance and technology you need to secure your  workstations, servers, devices and networks. Working with an MSSP is also a more cost-efficient way to address your information security needs.

Some additional benefits you’ll receive include:

Multi-Layered Threat Protection and Prevention
You don’t always have the time, bandwidth or resources to stay up-to-date on the latest security processes and implement the proper defenses to keep your network protected. The easiest and most beneficial solution for you is to partner with an MSSP like us and fully leverage our services and expertise.

Together, we can minimize your business’ risk and develop a plan that focuses on resiliency, not only prevention. The best approach to IT security is a multi-layered approach (education, prevention, preparation, response)  and we can provide that with you.

Simplified Management
If your IT security strategy is a patchwork of different devices from multiple vendors, it may be putting too much strain on your in-house team to manage. Our unified threat management and cybersecurity services allow for a more centralized management of threats to local and remote
environments from a single console. And as your MSSP, we can take care of the deployment, management and monitoring for you – thereby addressing your security needs in an efficient and simplified manner.

Your Ultimate Failsafe
We can be the expert you can turn to in case of a ransomware or other cyber attack.  As your MSSP, we’ll give you the steps you need to take so as to minimize interruption to your business and profitability, and also provide you and your employees with training and education to prevent future
attacks. The key to protecting your business is to take preventative measures now. When you work with us, you can rest easy knowing that your network is secure, your data is protected and that we’re available 24x7x365 for any and all of your support needs.

After reviewing our CyberSecurity Checklist to assess your security posture, contact us today at 218.534.5357 to schedule an appointment to discuss how our expert services team can help with your IT support needs.

Are your employees helping hackers?

Consider what happens when a threat bypasses perimeter defenses and targets an employee—in the form of a malicious email or text, or even a voicemail that might prompt a response with confidential company information.
Your employees need to practice strict and secure cybersecurity habits— not only to thwart digital attacks, but also to prevent someone from simply walking by their desk (in the office or at home) and picking up a device or document that contains sensitive information.
It only takes one incident to completely destroy any goodwill you’ve  established and built with your customer base.  Educating your staff on what it takes to protect proprietary documents and data is critical.
Download our e-book: Cybersecurity Tips for Employees, then contact us to schedule Security Awareness Training  – provided as part of our GUARDIAN Managed Security Services.

IT security must continually be revisited

Data Security Now Requires Consistent, Vigilant Monitoring and Maintenance 

With all of the various threats to your company’s data and factoring in the impact of exploited network or system vulnerabilities, you simply don’t
have the time to do what it takes to keep your business secure.

If you don’t have someone constantly and actively monitoring your network, you may not detect any issues until it’s too late. What if you didn’t know you were hit with ransomware until after the ransom payment window closed, and you couldn’t access any of your files?

The average time to detect malware or criminal
attack is 170 days (Heimdal Security).

Examples of time-consuming, but necessary cybersecurity tasks you can offload include:
Reviewing firewall rules
Updating your firewall
Patching the latest vulnerabilities discovered
Maintaining required controls and standard certifications, such as: ISO, SSAE16, HIPAA, SOX, etc.
Filtering web content
Updating software

Download our CyberSecurity Checklist to see where your company currently stands.

If you have questions about keeping up with your company’s security – whether it’s in-house or outsourced – contact us today. We’ll be glad to begin the conversation with you!

December 9th: electronic recycling drive

Looking to purge before the holidays?! There’s no better way than to collect your old electronics pieces, parts, and paraphernalia and bring it to us for safe recycling.

Below is the flyer for our bi-annual event – set for Saturday, December 9th from 10am to 2pm. Let’s see if we can beat May’s total weigh-in of 2,910 pounds of electronics!

RecyclingDrive12.9.17