Managed Security

Network Security is the Biggest Threat to Your Business Relationships!

Network Security Risks: Your Clients, Vendors, and You!

Did you know the average hacker lives on your network for 9 months before being detected?  That is 9 months of cybercriminals digging into your financials, human resources information, and intellectual property!  Further, if your business is storing, accessing, or transmitting client or patient data, you are legally responsible for securing those records.  As a result, clients, prospects, and patients will now view you as a security risk for sensitive information.

History of Network Security for Small- and Medium-Sized Businesses (SMB)

In the past, managed security was unaffordable to SMBs.  However, in recent years, the cost has come down significantly.  More importantly, managed security technology has advanced tremendously.  Therefore, small- and medium-sized businesses no longer have to rely on the basic block and tackle security techniques.  Instead, they can now armor their network with the most advanced security measures.

Do Criminals Want SMB Data?

Remarkably, the average SMB CEO claims hackers are not interested in their small company.  Yet, that is exactly what makes them a great target.  According to the Ponemon Institute, 69% of targeted attacks were against SMBs.  Even more daunting is the fact that 60% of SMBs never recover from a severe cyberattack.  Therefore, network security is a must-have for all businesses that rely on their data, regardless of size.

Are You Responsible for Your Clients’ Data?

Unfortunately, a lack of security does not just put your data at risk.  In today’s world, many businesses are trusted with sensitive information that belongs to another company.  For this reason, supply-chain network security has become a mandatory requirement for vendors who want to do business with enterprise or government entities.  Specifically, these are vendors who have access to, transmit, or store their sensitive data.

Similarly, the HITECH Act requires all covered entities (healthcare providers) to adopt Business Associate Agreements.  This can be found in the HIPAA Risk Assessment Administrative Safeguards.  In short, this rule makes the vendors equally responsible for protecting patient data.

In addition, you should also take precautions if your business captures individuals’ personal information.  Examples include:

  • Credit Card/Debit Card Information
  • Social Security Numbers
  • Phone Numbers
  • Addresses
  • Driver’s License Number
  • Passwords
  • Banking Information
  • Your employees’ personal information

It is a good exercise to think through all the companies you share this information with.  Examples include telemarketers, HR companies, data analysts, etc.  Next, take precautions to ensure your vendors are safeguarding your company’s sensitive information.

Georgia State Security Breach Notification and Network Security

Interestingly, all 50 states have implemented Security Breach Notification Laws that require businesses to notify individuals when there has been a breach that involves personally identifiable information. Specifically, Georgia’s Security Breach Notification Law lists the types of data that make individuals most vulnerable. Additional requirements state a company “shall notify the information broker or data collector of any breach of the security of the system within 24 hours following the discovery.”

Therefore, it is not only in your best interest to perform a Risk Assessment on yourself, but also on every vendor you share sensitive information with. This is because regardless of who is at fault for the breach, your employees and clients will ultimately hold you responsible if you did not do your due diligence.

Root Cause of Most Data Breaches

Interestingly, negligent employees and contractors account for 62% of all data breaches.  Unfortunately, the Ponemon Institute’s 2019 Global State of Network Security report states, “The biggest problem is not having the personnel to mitigate cyber risks, vulnerabilities, and attacks (77 percent of respondents). The next biggest challenges are insufficient budget (55 percent of respondents) and management having no understanding of how to protect against cyberattacks (45 percent of respondents).”  That is where INSI can help.

INSI Has Network Security Programs for SMBs

Fortunately, you do not have to go through this alone.  INSI has comprehensive Managed Security packages to help protect your sensitive data.  Examples include:

  • Security Information & Event Management (SIEM) – 24/7 real-time threat monitoring, event correlation, and incident response.
  • End-Point Managed Detection & Remediation (MDR) – The next level of anti-virus: it analyzes and monitors events on devices, detects threats, stops them, and guides you to remediation.
  • Risk Assessments – Identify strengths, weaknesses, opportunities, and threats (SWOT) to your network by using policy-based frameworks.
  • INSI Complete Security Package – includes a security audit, network security vulnerability assessment, semi-annual security check, biannual penetration test, phishing email test and training, quarterly security checks, staff training, antivirus monitoring, web content filtering, web protection, and spam protection.

Contact INSI today to find out more about our security offerings at 770-387-2424.

About INSI

Since 1995, INSI has been providing IT support to small- and medium-sized businesses (SMBs) in both Georgia and Alabama.  We offer Managed Services and our own unique INSI Customized IT™ package.  Additional services include hosting, disaster recovery, managed security and unified communications.

Is Your MSP Really Protecting Your Data?

Regardless of What You Think: IT Support Companies Do Not Automatically Include Managed Security Services in Their Package

A recent survey shows most small and medium-sized businesses believe their IT support company is actively managing their security. Yet, in reality, managed security services are a separate offering.  Unfortunately, what IT support providers actually provide is the basic block and tackle. If you want to ensure your data is safe, you need to know the difference and know the right questions to ask.

What is Basic Block and Tackle?

Basic Block and Tackle Security is the process of locking down the most obvious hacker entry points. This is similar to putting locks and a warning alarm on your house.  However, it does not provide analysis, context, or guidance on what to do next.  Examples of basic Block and Tackle Security include:

  • Firewalls can do content and web filtering as long as the employee is working inside the network.
  • Antivirus software must consistently be updated for new malicious viruses.
  • Updates and patches are critical and are usually performed on server operating systems, not the applications.
  • Backups are the final defense for ransomware and allow the IT support provider to set the system back to a time before the breach took place.

Unfortunately, basic Block and Tackle security measures have a very limited impact on the overall cybersecurity health of your system.  In fact, cyber-investigators have determined that hackers typically occupy the network for 9 months before they are discovered.  Clearly, a hacker can steal and do a lot of damage to the network in a 9-month period.  Therefore, your security should be taken very seriously.

True Managed Security Services

In contrast, Managed Security Service firms monitor your network for breaches, hacks, and risks every second of the day. It is a full line of protection similar to motion detectors, security guards, infrared scanning, and biometric locks on your house.  Furthermore, Managed Security companies actively monitor and analyze known and new security threats.  Most importantly, they know exactly what to look for and how to respond.

Interestingly, there are two motivations for businesses to address cybersecurity: compliance and risk.

Regulations and Managed Security Services

Regulatory compliance has been the major driver until recent events. Popular examples include HIPAA, PCI, and Sarbanes-Oxley.  However, cybersecurity is such a well-known risk that supply chains are now insisting their contractors meet certain standards.

Unfortunately, regulatory compliance often entices companies to take the cheapest route in an effort to check off boxes and move on. Consequently, doing the “bare minimum” will get you the lowest result.  Therefore, I encourage you to take this opportunity to lock down your systems as much as possible to avoid breaches, fines, and public scandal.  After all, you do not want to be that company that is known for causing a major breach on their client’s network.

Risk Protection and Managed Security

On the other hand, the companies who want to avoid risk take a completely different approach. Typically, these companies have had a cyber-attack or have reason to believe they will be attacked.  In this instance, they want to monitor, analyze, and respond to attacks as quickly as possible.

Find Out if Your MSP is Doing Basic Block and Tackle or Managed Security Services for Your Company

Unfortunately, most small- and medium-sized businesses believe they are completely protected by their MSP.  Consequently, that assumption has cost a lot of businesses hundreds to thousands of dollars.  In fact, AppRiver, a well-known spam and encryption company, states that the average cost of a data breach is $149,000!  Yikes!

Questions to Ask Your MSP

So, how do you know if your MSP is providing complete protection?  Ask these three questions.

  1. Do they have a Security Operations Center (SOC)?
  2. How many security analysts do they employ? Operating a true 24/7 SOC requires a minimum of 12 full-time security analysts.  Not network engineers, but security analysts.
  3. Ask them about their service level agreements and how they respond to alerts. For example, ask them about their incident response practice. Interestingly, the majority of IT Support companies act as human alert routers. In other words, when an alert occurs, they simply email it to their clients. Unfortunately, they do not provide analysis, context, or guidance on how to respond.  Clearly, you want to make sure they provide the analysis, solution, and a pathway to resolve the issue.

Why INSI Chose Cybriant!

At INSI, we always want to do what is best for the client, and for Managed Security Services we chose Cybriant. Fortunately, Cybriant not only reduces the probability of a breach, but they also limit the damage if an event occurs. In fact, they operate a fully staffed SOC 24x7x365.  When an event does occur, they inform us and our clients of the breach.  Most importantly, Cybriant analyzes the alert, grades how critical it is, and provides you guidance on what to do next.  In some cases, they have already performed the remediation.  It’s a great partnership!

Call INSI

INSI is an Atlanta-based IT support provider and channel re-seller of Cybriant Managed Security Services. We can help you determine the best services that are specific to your managed security needs. If you are subject to regulation or are concerned about security threats, please call INSI at 770-387-2424 to speak with one of our experienced consultants today.

When To Use Independent Contractors for Business IT

Using Independent Contractors for Business IT

Independent Contractors (IC) can be useful for a number of IT projects, maintenance, and support.  However, they should not be the primary means of IT support for a company that is dependent on their technology.  A good analogy of this is a football team.   We all remember that legendary high school football game when our team was down by one touchdown.  When all seemed lost, the center snapped the perfect hike, the offensive line protected the quarterback from certain annihilation, and the running back distracted two defensive players.  Suddenly, the quarterback threw the winning pass and the kicker made the final extra point that took the team to victory.  Then, with just one point in the lead, the defense held the opposing team to prevent a comeback!  Victory!

In the same way, your business network needs a team to protect it and ensure your staff stays productive.  After all, your IT holds all the intellectual data of your business.  Every email, phone call, and document is a window into your business.  That is why it is so important to protect it from hackers, hardware failures, software glitches, and end-user mistakes.  Yet, one person does not have all it takes to protect and care for your network.  Similar to an individual trying to play all positions on the football field, they lack the people, resources, and technology to protect your network. That is why you need a mature Managed Service Provider.

Concerns of Using an Independent Contractor for IT Support in a Thriving Business

Unfortunately, Independent Contractors do not have the tools, resources, or technology to deliver the same level of support that a mature Managed Service Provider can.  Some examples of this include:

  1. Unpredictable Cost – Independent Contractors offer ad hoc services which are “pay-as-you-go.”  Due to the many issues associated with ad hoc, the risk is high and the cost can get out of hand quickly.
  2. Single Point of Failure – Sickness, vacation, full-time job offers, and even death can be devastating to your business IT if you use an independent contractor.
  3. Limited Knowledge – While you can find independent contractors who are extremely talented, there is not one IT person who knows everything that is needed to fully support a network.  Further, they typically don’t keep up on new certifications.  This results in the IC learning on your time.
  4. Lack of Documentation – It can take years to make an IT support operation successful.  For this reason, ICs lack the robust ticketing systems, asset tagging, and business process to track the issues and assets.
  5. Low Availability – In short, one person cannot be in two places at one time.  Consequently, the IC will put its more profitable clients first.
  6. Lack of Insurance – The vast majority of ICs do not have business insurance.
  7. Insufficient Monitoring – Monitoring is essential for catching issues early on.  Yet, robust monitoring tools are not affordable for ICs.

It’s important to ask questions surrounding these concerns when considering any outside individual for ongoing IT support.

When To Use an IC for Business IT

There are indeed times when it makes sense to use an independent contractor.  For example, it is great for companies whose needs are less than 1/4th of an hour per person per month for support.  Or, if a company has fewer than 5 computers.  In these cases, the companies are not dependent enough on their IT to justify daily support.  Rather, their needs are sporadic and an IC is more appropriate.

Another time independent contractors are good for business is when their specific skill sets can help with strategic consulting or temporary projects.  This typically makes sense when you have an internal IT department and need outside expertise on a temporary basis.

When NOT to Use an IC for Business IT

However, when you need more than 1/4th of an hour of support per person per month, an IC won’t do.  In these cases, you are highly dependent on your IT and are likely a target of hackers.  You need the breadth/depth of experience, technology tools, and resources only a Managed Service Provider can provide.  With a mature Managed Service Provider you will get:

  1. Documentation
  2. Monitoring of Network and Desktops
  3. Tracking of Key Performance Indicators (KPI) and Continual Improvement
  4. Asset Tracking
  5. Live Network Operations Center
  6. Breadth and Depth of Multiple Engineers and Various Levels of Expertise
  7. High Availability

Trust INSI For All Your Business IT Needs!

A better alternative to Independent Contractors is INSI’s Managed Services or Customized IT™.  INSI has a tiered structure that can offer decreased rates on 80% of the IT support issues without sacrificing quality.  This is because our tiered structure allows us to charge entry-level rates for entry-level tickets, which constitute 80% of the IT support tickets.  Further, we can manage the entire environment, fill in the gaps for an internal IT team, or we can break out the services to the client’s exact needs.  Finally, we can do all this for a fixed fee.

Do You Want To Learn More About The Difference Between “Independent Contractors” and INSI’s Customized IT™?

Go here to see the various types of IT support, their pros and cons, and great questions to ask the provider on each one.

In addition, if you would like to know more about this topic and how it affects you, visit Amazon or Barnes & Noble for a copy of the book IT Outsourcing Secrets – A Small Business Guide to Comparing IT Support Companies.

The Dangers of Your MSP Outsourcing Your Client Work Offshore

MSP Outsourcing Client Work

We have all had outsourcing nightmares.  In fact, time has shown that the word “outsourcing” has a negative connotation.  More than likely, certain instances come to mind as you read this article.  For example, many times you couldn’t understand the representative on the phone.  Or the times you have been transferred over and over again, each time having to repeat yourself, only to be disconnected.  Does all that sound familiar?  Yet, it is even more frustrating to find out that the company you outsource with is also outsourcing your work overseas.

Why Do MSPs Outsource Your Work?

MSPs outsource your work offshore to make more money.  It’s really that simple. In the book “Infinite Scale” the author goes into great detail about how the average engineer costs him $65K per year and he only gets 65% billable time out of him.  He reasons that he could make a much bigger profit outsourcing offshore.  And that is how many outsourcers think.

There are a number of problems with this mentality.  First, the cost savings are generally not passed on to you.  For example, I know of one company that pays an offshore outsourcer in Colombia $6 an hour for project work, and yet they still charge their clients $150 an hour.  Yikes!  Now that is a good profit margin... that you never benefit from!

Second, they sacrifice quality for the almighty dollar.  This is especially true when the offshore outsourcer is customer-facing, hence the examples given at the start of this article.  However, it is also true when it is only the outsourcer’s engineers who talk to them.  Understandably, this is due to communication barriers, which make it difficult for offshore engineers to understand the requirements.  In the end, you get subpar work.

Third, technological advancement in other countries is not equal to the United States.  Weaknesses in IP security can not only be dangerous and a massive financial risk, but also impact the speed of business processes.

The Biggest Issue with Your MSP Outsourcing Your Work Is…

Legal disputes.  Clearly, other countries abide by different laws and rules.  For this reason, it is difficult to hold the offshore companies accountable.  Understandably, this can pose a huge problem if they are given access to client domains, intellectual software code, network passwords, etc.  Therefore, it is especially important to ask if your MSP is using an offshore company to do any of your IT work.

The Problem for America!

I am actually writing this article at home during the Coronavirus shutdown.  Today, nearly 30 Million people have lost their jobs because of this epidemic.  That’s why I believe, now more than ever, it is important to hire locally.  Clearly, we are all part of the supply chain.  Americans have to make money to spend money.  So why send our money overseas?

In the same way, why would you want to work with a company that outsources overseas if you don’t get the cost savings?  Further, why risk all the legal implications with offshore services and receive subpar services?  Instead, use a company that only hires locally and supports your community.  You will have better communications and better service.  In addition, you will be able to verify their work quality with other local companies.

INSI ONLY Hires Atlanta-Metro Engineers

INSI supports our local community by hiring Atlanta Metro engineers, partnering with Atlanta-Metro companies, and giving back to the local community.  Most important, we do not outsource any engineering work overseas.


5 Things You Need to Know About the “Fixed Rate” IT Support Plans!

What is a “Fixed Rate” IT Support Model?

A “Fixed Rate” IT support program provides an unlimited number of tickets per month for all the equipment listed under the scope of the contract.  This plan is the most commonly used IT support plan among all Managed Service Providers (MSP), primarily because it is easy to bill and easy for the client to understand.  However, it is not as cut and dried as one might think.  As you can see below, there are many caveats to the program:

1. The “Fixed Rate” Monthly Cost IS Predictable

The number one reason why clients love the “Fixed Rate” IT Support Plan is its low risk.  The client does not need to manage the number of end-user calls or worry about unforeseen labor costs with their network equipment.  Everything is covered.

2. The IT Support Provider Bears the Cost Risk

Unlike the Ad Hoc, Blocks-of-Time, Use-It-or-Lose-It, or Budget IT Support models, the Fixed-Rate plan puts the full burden of cost on the provider.  For example, the provider would be on the hook to clean up a virus that hit all the computers at once.  In other words, it includes unlimited calls.  Obviously, clients LOVE this!

3. The “Fixed Rate” Cost Only Covers What is Under Scope

Unfortunately, unlimited is not exactly “unlimited”.  Hence, the provider will only cover the assets that are under contract.  For example, let’s say the manager brings in and sets up a new computer.  Unless that computer is added to the scope, all labor is billed separately at a high hourly rate.  In fact, all new computers and server installs are considered “projects” and will be billed at high hourly rates.  Only then is it added to your support agreement and the monthly cost goes up.

Further, unless told otherwise, the cost never drops off.  For example, you will continue to pay the same cost if your company downsizes and you no longer need certain computers.  This may seem obvious to you and me, but you would be surprised at the number of companies that forget to renegotiate their contract at the time of renewal.  In other words, they just let it roll over into a new contract under the same terms.

4. The “Fixed Rate” Hourly Rates Are Substantially Higher Than Other IT Support Models

This is the part that seems to be a real eye-opener for most people, so pay close attention.

That “per seat” or “per device” cost is not what it appears to be.  Most MSPs will charge $75 to $175 per seat per month.  Maybe more for servers.  To the unknowing decision-maker, this seems fairly reasonable.  However, these service providers are not going to lose money.  In fact, they need to make sure there is a healthy cushion for unlimited calls and unforeseen events.  Let’s take a closer look.

MSPs determine their rates by the industry averages.  For example, industry metrics show that the average computer takes 30 minutes per month to support.  Therefore, they can take care of 2 computers per month in an hour.  Not only does this mean that $75 per seat is actually equivalent to $150 per hour, but $175 per seat is equivalent to $350 per hour.  Ouch!

It should also be noted that 80% of your IT support calls are entry-level calls.  That means that you are paying $150 – $350 per hour for entry-level calls!  (Insert shock emoji here!)  Furthermore, project and add-on rates are charged even higher than that.

5. Not All “Fixed Rate” IT Support Companies Are the Same

As with all things, no two MSPs are identical.  Watch out for the following:

    • IT Maturity Level – The IT Maturity Level is more important than any other factor when considering an IT support provider.  Most importantly, it measures the efficiencies of the people, processes, and technologies.
    • Additional Fees – Many MSPs will charge a travel fee (trip charge), onsite fee, or after-hours fee.
    • Terms – Terms range from month-to-month all the way up to 10 years.  Many will automatically roll over if the client does not give notice in a specific period of time.  Therefore, it is always important to understand the terms.

A Better Alternative

A better alternative to “Fixed Fee” IT services is INSI’s Managed Services or Customized IT™.  INSI has a tiered structure that can offer decreased rates on 80% of the IT support issues without sacrificing quality.  This is because our tiered structure allows us to charge entry-level rates for entry-level tickets, which constitute 80% of the IT support tickets.  Further, we can manage the entire environment, fill in the gaps for an internal IT team, or we can break out the services to the client’s exact needs.  Finally, we can do all this for a fixed fee.
