How To Protect Your Company From Spear Phishing!

Spear Phishing and How to Protect Your Company

Spear Phishing is a major issue causing small and medium-sized businesses billions of dollars in fraud.  Find out what it is and how you can protect yourself from it.

Example of Spear Phishing

Pam is the Director of Marketing for an international firm.  Recently she received an email from the CEO.  In the email, the CEO asked her to purchase ten $100 Walmart gift cards.  Further, the email stated that the gift cards were a reward for her team doing a good job on a recent project.  Certainly, Pam was thrilled the CEO called her for such an important task.

Quickly, Pam ran down to Walmart and purchased 10 gift cards.  She then followed the instructions and emailed him both the gift card and PIN numbers.  Unfortunately, the expense was flagged and Pam found out she was a victim of a Spear Phishing attack.

What is Spear Phishing?

Spear phishing is when someone uses a false identity to target an individual.  The sender always appears to be a well-known and trusted source. For example, it could appear to come from the target’s executive, boss, or trusted business partner.  As expected, it always involves money or clicking a link.  The most common types include:

  1. Brand Impersonation – When a hacker impersonates a well-known company.  One popular example of this is an email from a financial institution that claims there is an issue with your account.  These emails look very legitimate.  The most common are emails from Microsoft or Apple stating there is an issue with your account.
  2. Business Email Compromise AKA CEO Fraud – This is when someone impersonates a C-level executive and asks the recipient to wire money, transfer funds, or buy something like gift cards.
  3. Blackmail Scams – When someone claims to have compromising information on you and threatens to expose you if you do not pay them.

How Do These Scams Work?

Scammers are smart.  For instance, with Brand Impersonation or Business Email Compromise: they research the business, their employees, types of transactions, and those in authority.  Next, they establish an email address that is similar to one of the authority figures.  Finally, they email an employee with access to funds or company credit cards and request something that would not be suspicious or questioned by that employee.  On the other hand, Blackmail Scams cast out a wide net in hopes to catch more prey.

7 Technologies That Can Protect Your Company

Clearly, hackers understand the general user’s weaknesses and how to exploit them.  Therefore, the first step to eliminating this threat is to implement some basic technology tools.  After all, if the end-user never receives the email, there is no way they can click on a bad link or respond to it.

  1. Artificial Intelligence Tools – Machine learning tools can analyze abnormalities and filter those emails.
  2. Spam Filtering – Spam filtering will help detect any malware embedded in the email, filter suspicious emails, and identify the origin country of the email.
  3. Antivirus – Antivirus will help detect and filter any viruses.
  4. DMARC Authentication – This technology checks whether an email really comes from the domain it claims to come from, and puts messages that fail the check into the spam folder or rejects them.
  5. Email Encryption – Email encryption allows you to send and receive sensitive information over the Internet.
  6. Multi-Factor Authentication – This technology requires two pieces of identification to access company data.
  7. Desktop Monitoring – Desktop monitoring will keep your patches and updates current to keep hackers from accessing your email accounts.

5 Employee Training Tips on Spear Phishing

No matter what you do, some emails will still get through.  Therefore, your greatest defense is to train your end-users.  Make sure your employees follow the directions below before acting on anything that requests some form of sensitive information:

  1. The most important advice you can give to an employee is to study the sender’s email address.  Oftentimes, the only difference is a single letter added to or missing from the person’s name or domain.  Do not click or act on anything until verified.
  2. Make sure the employee verifies the domain name of the sender.  Do not click or act on anything until verified.
  3. Make sure all employees know that any request to spend money will come from company email addresses, not a personal email address.  Do not click or act on anything until verified.
  4. Train employees to report any questionable phishing emails, texts, or voice mails to your IT department.
  5. Tell the employees, “When in doubt: ask.”  Make sure they are not apprehensive about verifying an email from anyone in your company, including the CEO.

INSI is Here to Protect You!

This post is part of the INSI Awareness Campaign that is designed to keep our clients protected and informed.  In addition, you can click here to learn more about our security offerings.

Most importantly, if you are concerned about a spear-phishing email, please do not hesitate to contact our helpdesk at 770-387-2424 before opening it.  Our engineers are more than happy to check it out and make sure it is safe.  After all, we are here to serve you!

Why Ad Hoc IT Services Are So Dangerous!

What Are Ad Hoc IT Services?

Ad hoc IT Service is a case by case engagement with an independent contractor or an IT Support Company.  On the surface, it appears to be a viable option for IT support.  However, upon closer examination, it is the most dangerous way to support an IT environment.

Dangers of Ad Hoc IT Support

Imagine for a moment you are a doctor and a patient comes in with bad back pains. As a first step, you want to do a CAT scan or MRI.  However, the patient wants you to treat them without any of the tests.  At this point, you can only diagnose based on the symptoms.  So, you give them painkillers.

As a result, this relieves the symptoms for a while, but their pain comes back.  Now, the patient claims you didn’t diagnose them correctly the first time and therefore they should not have to pay for subsequent visits.  Consequently, both the provider and the client suffer.  That is how ad hoc often works!

The risk to the IT Support Provider

When a company performs ad hoc services, they take any risk.  For example, they risk not knowing how a fix can affect other things on the network.  After all, they do not know how it is set up, what it’s connected to, or historical issues.  Therefore, they will always get blamed if it causes more problems.  This can lead to reputation loss.

Many clients will use ad hoc as a litmus test to see if the IT support company is good enough to support their environment full-time.  However, in the end, it is a roulette game.  For example, if the provider can fix the problem, they will win the business.  If they can’t, they will lose it.  Unfortunately, they lose their reputation along with it.  Therefore, many providers avoid ad hoc altogether.

The Client Bears the Cost

Clients have it worse.  First of all, ad hoc does not offer any monitoring or updates.  This makes it easier for viruses and hackers to creep into the system. Second, there is no documentation on the environment.  This means the engineer can only approach the issues based on the symptoms.  Without understanding the root cause this can lead to multiple breaks in the system and expensive repeat visits. Last, you are at the mercy of the provider’s schedules as they have no way of knowing when multiple client calls will come in. When that does happen, their recurring revenue clients will come first.

Most important, the client bears the cost.  Since you pay by the hour, you also have to pay additional for the virus cleanup, breaks, fixes, and multiple attempts.  Trust me when I say that this adds up!  If you are dependent on your computers to do business, you would be much better off with a monthly contract.

The Two Exceptions to Using Ad Hoc IT Services

I believe there are two exceptions to the rule of using ad hoc IT services.   Obviously, internal IT departments sometimes need additional resources on a temporary basis.  This could be for projects, seasonal, or advanced issues.

The next one is for companies that need less than one-fourth of an hour of IT support per month. The reason for this is that they are not heavily dependent on their network.  Consequently, ad hoc can be appropriate when very few changes are made in the environment – as long as it is set up the right way.

Why Companies Choose Ad Hoc

Many small- and medium-sized businesses use ad hoc IT services in an effort to save money and control their cost.  As a matter of fact, many independent contractors charge as little as $50 per hour for their services.  Obviously, this seems really great on the surface, but it is actually quite dangerous.

Companies that use ad hoc IT services are at a high risk of viruses, failures, and hacks.  In addition, the lack of documentation results in repeat visits and multiple breaks in the system.  Therefore, the combination of downtime and excess hours far outweigh the cost of a monthly contract with a reputable company.  This makes for a very sick network.

A Better Alternative

A better alternative to “Ad Hoc” IT services is INSI’s Managed Services or Customized IT™.  INSI has a tiered structure that can offer decreased rates on 80% of the IT support issues without sacrificing quality.  This is because our tiered structure allows us to charge entry-level rates for entry-level tickets, which constitute 80% of the IT support tickets.  Further, we can manage the entire environment, fill in the gaps for an internal IT team, or we can break out the services to the client’s exact needs.  Finally, we can do all this for a fixed fee.

Do You Want To Learn More About The Difference Between Ad Hoc and INSI’s Customized IT™?

Go here to see the various types of IT support, their pros and cons, and great questions to ask the provider on each one.

In addition, if you would like to know more about this topic and how it affects you, visit Amazon or Barnes & Noble for a copy of the book IT Outsourcing Secrets – A Small Business Guide to Comparing IT Support Companies.

 

The IT Maturity Level of the MSP Determines Your Service Quality!

Bringing it All Together – People, Processes, and Technology

In my last seven posts, I went into great detail about the areas where IT support companies often fail.  To summarize, they include a variety of issues surrounding people, processes, and technology.

Therefore, if a failure occurs in any one of these areas, your IT support services will be negatively impacted.  That is why you need to know their capabilities BEFORE you choose an IT support company.  Without a doubt, it all starts with their IT maturity level.

Definition of IT Maturity Level

What is an IT Maturity Level?  Simply put, it is the ability of an IT organization to deliver exceptional service and continuously improve its performance.  Subsequently, there are several IT Maturity Models on the market.  However, I think the one that best suits MSPs is the Gartner Self-Assessment Tool.  Moreover, this model measures the IT maturity level in regard to infrastructure and operations.  How?  First of all, it ties together the three pillars of success: people, processes, and technology.  Second, it transfers them into a mechanism for continuous improvement.

Unquestionably, you will receive better service with a company that is focused on continuous improvement.  Therefore, why pay the same amount for a company that is just winging it?

How is the IT Maturity Level Measured?

Is the IT maturity level measured in years, processes, experience, or a combination?  I have been in this industry for nearly 20 years.  During that time I have seen many MSPs come and go in a variety of ways.  For example, I have seen MSPs who went international, sold, stayed stagnant, closed their doors, and even a few who grew and shrank over and over again.  Undoubtedly, it was clear to me, and others in the industry, why some were successful and others weren’t.  Hence, it all had to do with where they were on the IT maturity scale.

Let’s take a look at the Gartner Self-assessment Tool:

  • Level 1 Awareness – At this stage, the company is reactive and fighting fires all day long.  They have no defined processes or technology tools to help them provide consistent service.
  • Level 2 Committed – The MSP starts to invest in industry best practices and initiate formal processes.  They start to invest in a robust ticketing system, network monitoring tools, and asset tracking.
  • Level 3 Proactive – It is not enough to have the technology tools, the MSP must also program them for continuous improvement.  For example, use the ticketing system to measure key performance indicators and implement processes to overcome areas of weakness such as preventive maintenance.  In addition, there is a focus on hiring the right engineering talent that can follow processes, communicate well, and has great problem-solving abilities.
  • Level 4 Service-Aligned – At this level, the MSP is a trusted business advisor.  As such, they have all their people, technology, and processes in place.  As a result, they have improved customer support, talent utilization, and decision-making capabilities.
  • Level 5 Business Partner – Finally, the MSP is at a stage where they are forward-thinking and they are discovering new ways to help their clients meet their goals through technology.

As you can see, the more mature the organization is, the better the service you will receive.  Therefore, it is imperative to understand what stage the provider is at in the IT maturity model.

Why Do So Many IT Support Companies Fail?

Unfortunately, it is not enough to have bright engineers.  After all, starting an IT support company is expensive, and it takes years before they make a profit. The engineers know the right concepts, but without the tools, they can’t measure up. So, when an engineer starts their own business, they try to get by on a shoestring budget believing they are so smart that their clients will put up with it. They find the cheapest tools to manage, monitor and support their clients. However, in the end, the client gets cheap results. So, if you are wondering why your service levels are not consistent, this is likely one of the root causes!

INSI Has Invested in a Strong IT Maturity Model

INSI has invested in technology tools, processes, and people to deliver a higher quality of service.  In fact, our main measurement of quality is client satisfaction.  In addition, we used a tiered approach to deliver customized programs while decreasing 80% of the IT support costs.  To find out more, click here or call us at 770-387-2424.

Click here to see a webinar on What a Mature IT Organization Looks Like and watch at your own convenience.

Do You Want To Learn More About IT Processes?

This information is part of what is covered in my book, IT Outsourcing Secrets.  If you would like to know more about this topic and how it affects you, visit Amazon or Barnes & Noble for a copy of the book IT Outsourcing Secrets – A Small Business Guide to Comparing IT Support Companies.

 

IT Processes

What is the Best Quality in an IT Support Engineer?

Survey Says: Ability to Follow Processes

Let’s face it, you can have the most talented engineer in the world, but if he doesn’t follow processes, he is a liability to your organization.  Consequently, processes help the entire staff with everyday routines without making them stop and think of every mundane task each step of the way. Most importantly, processes allow the engineer to free up their mind and concentrate on the task at hand by providing a program for repeated activities.

Consistency is Key to Quality Service Delivery

Processes are the only way to create consistency of service. Yet, for the processes to work, they must be specific to the service delivery and adhered to by the engineers. When either of these fails, you receive poor service. However, a mature IT organization invests time and tools to ensure the processes help with continuous improvement and premium service.

Processes Create Efficiencies

Processes create efficiencies, and great service companies are efficiency experts.  Processes are the cornerstone for efficient and excellent service.  Subsequently, a successful business process will cut across the whole organization – not just the individual department. Even sales, accounting, and HR need to be part of the solution. A good example of a failed process is when a salesperson tells the client one thing and the delivery is much different.

Learn from My Experiences

I learned first-hand the importance of the following process very early in my IT support sales career.  For example, I had a client once who understood our escalation policy very well. Why? Because this was one of my selling points. First, I would share that the engineer had 15 minutes to define the problem and map out a solution. Second, if they could not do this, they were required to escalate the issue to a more senior engineer. Of course, the original engineer would still own the ticket, but the second engineer would fix the problem as they watched. This served three purposes:

  1. The client didn’t have to re-explain the ticket over and over again as it changed hands from one engineer to another.
  2. It sped up time to resolution for the client.
  3. The engineer increased his/her knowledge base.

That sounds great, right? It was – right up to the point that the engineer did not follow the process.

Fact: Engineers Hate Asking for Directions

Let’s face it, engineers are notorious for wanting to solve problems on their own – no matter how long it takes. So, when Mike was at the client site for four hours without a plan of action for a single desktop issue, I heard about it from the client. Mike didn’t realize it was not about him. Because of his unwillingness to let go of the issue, an important executive was without the use of her computer for four hours!

Engineers Who Do Not Follow Processes Cost the Company Money

You will often hear me say that billable time is king in the IT support industry.  In this case, there appeared to be no end in sight as Mike tinkered around for a solution.  As a result, our company was losing money.  After all, Mike could have resolved multiple issues for our clients during the time he took to solve this one issue.  Therefore, the cost of that one ticket to us was the engineering salary + the potential billable time = $580 loss. Unfortunately, I have no idea what the financial impact was on the client.

How Do You Know if Your IT Support Company is Following Defined Processes?

The following are strong indications your IT Support Company is weak on process follow-through.

  • Repeat questions
  • Engineers learning on your time
  • Repeat issues
  • Long resolution times
  • Long response times
  • Bad communication
  • Poor management
  • Competing priorities with your own Internal IT Department
  • Poor Engineering Attitudes

INSI Values Processes

At INSI, we know that processes form the framework to improve operational efficiencies and deliver premier service. Below are a few examples of some of our processes and the benefits to our clients:

  • Always Do What is Best for the Client – Nothing is more important than this.
  • Assign the Ticket to the Correct Engineer – We have a tiered structure that forces tickets to be assigned to the correct skill level.
  • One Engineer Owns the Ticket – It is important for one person to own the ticket and involve others to help him/her as needed. This will speed up the time to resolution for you.
  • Escalation Process – Our escalation process has a mentoring aspect to it which speeds up your resolution and helps our engineer expand his/her knowledge base.
  • Quarterly Preventive Maintenance – A process that allows us to catch issues before they become a real problem for you.
  • Monitoring Response – Alarm response protocols are defined at the kickoff meeting and strictly followed.
  • On-boarding New Clients – Documentation, asset tagging, client handbook, introductions, etc.
  • Time-Slip Lag – Our engineers document the problem and resolution while it is still fresh in their minds. As a result, engineers can access the knowledge base for solutions if/when they come across the same issue again.
  • On-Going Documentation – Fresh documentation helps us make informed decisions and recommendations to your company.

In conclusion, processes make the difference between a successful client relationship and a failed one.  If you are having inconsistent service, this may be the culprit and it is time to contact INSI!

Do You Want To Learn More About IT Processes?

If you would like to know more about this topic and how it affects you, visit Amazon or Barnes & Noble for a copy of the book IT Outsourcing Secrets – A Small Business Guide to Comparing IT Support Companies.

 

How to Protect Your Cell Phone From Smishing!

Smishing and How to Protect Your Cell Phone

What is Smishing?

Smishing is a general term for a text message that asks you to click on a link, respond, or provide personal/corporate information.  The results of a successful smishing attack could mean a compromised PIN, credit card information, passwords, social security number, and other private details that could lead to a stolen identity.

What Types of Viruses Are Phones Vulnerable To?

Interestingly, the types of viruses that infect phones are similar to the ones you see on computers.  For instance, your phone can be compromised by adware, malware, ransomware, spyware, or Trojan horses.

How Do You Avoid Becoming a Smishing Victim?

There are many ways you can arm yourself against smishing attacks.  They include awareness, research, and avoidance.

1.  Watch Out for Questionable Text

[Image: smishing example]

Clearly, this text example is an attempt to scam Trump supporters.  Smishing texts often claim to already have an existing relationship with you. Remember, if you are not sure, don’t click or respond.

The second clue is an immediate call for action.  Smishing texts will use emotional manipulation to try to get you to click or respond immediately.  In this example, they are clearly aiming to use a scare tactic by using the word “FAILED” in caps.

In addition, smishing texts will often use banking information to solicit feedback.  In some cases, they can even provide part or all of your account numbers.  Make sure it is legitimate before clicking.

2.  Google the Phone Number

[Image: smishing example 2]

When in doubt, research the phone number.  In this particular example, it was a car insurance company.  Obviously, this is not the Republican party as suggested in the text above.

3.  Be Wary of Location Awareness

Cybercriminals are smart! They can use the VPN app on your phone to reveal your location. Subsequently, they know that a local text is more personal and will often yield a response from their victims.  For example, they can make it appear that you are receiving an offer from a local pizza parlor.

4.  DON’T CLICK or Respond

Watch out for emails from unknown sources that ask you to click on something or respond.  Both of these activities will download a virus on your device.

You should also beware of unsolicited emails from known senders with short subject descriptions or just a link.  For example, that person in your church or networking group that you hardly know will likely not send you a text with just a link out of the blue.

How Do You Know if You Are Already Infected?

Your phone could already be infected without your knowledge.  Here are some simple clues to find out if you are infected.  Is your:

  • Phone crashing a lot?
  • Battery draining much faster?
  • Phone showing new apps you didn’t download?
  • Device showing an unexplained sizable increase in data usage?
  • Phone company billing you for questionable text charges?
  • Device receiving pop-up ads?
  • Phone overheating often?

How to Clean Up a Virus on Your Phone

To clean up a virus on your phone, the first thing you need to do is clear the history and data.  This should help with any type of pop-ups.  Secondly, power off and restart your phone.  Thirdly, restore from an earlier backup if the first two steps didn’t work.  Finally, as a last resort, restore the phone as a new device.

Be Proactive About Smishing

The most important thing you could do to avoid a smishing scam is to download antivirus software on your phone.  Many users believe their cell phones are immune to security threats, but that is not true.

If You Think You Have A Smishing Text – Let Us Know

This post is part of the INSI Awareness Campaign that is designed to keep our clients protected and informed.  In addition, you can click here to learn more about our security offerings.

Most importantly, if you are concerned about a smishing text, please do not hesitate to contact our helpdesk at 770-387-2424 before opening it.  Our engineers are more than happy to check it out and make sure it is safe.  After all, we are here to serve you!