Managed Security

6 Security Tips for the Unprecedented Remote Workforce!

Remote Workforce Security Tips

Who would have suspected in February that, as early as March 18th, we would all be working from home full-time, cyber-teaching our kids, and on government lockdown?  We are indeed working in unprecedented times.  Like it or not, it has changed the way we see the world, both personally and professionally.

Remote Workforce Impact on Companies

While this time has been especially hard on each one of us as workers, it is equally hard for companies.  Imagine not only having the responsibility of making enough profit to keep all workers on the payroll but also blindly trusting each worker to protect your company data in a different environment.

Unfortunately, one honest mistake could cost the company a fortune.  Therefore, the remote worker’s ignorance or unwillingness to adhere to cyber-security policies could negatively impact a company’s ability to stay afloat.  Clearly, these are trying times for all of us.  As a result, it is up to each one of us to do our part to keep our companies profitable.

Ways You Can Help Protect Your Company Data

There are several ways you can protect your company’s data when working remotely.  This includes a combination of safe practices and good communication with your IT team.  After all, your IT team is always available to help you make the right decisions.  Below is a list of ways you can do your part to help protect the company’s data.

1. Use Your Company’s VPN When Working From Home

Interestingly, when you are at your office you are on a private network.  As a result, you can send and receive data without it going over the public Internet.  Likewise, remote users typically have access to a Virtual Private Network (VPN) that allows you to do the same remotely.  Obviously, this VPN is a major security vulnerability if you do not use a properly configured firewall.

So, how do you know if you are on your company’s VPN?  It’s simple.  You will know if you are using the VPN because you will access it under your Windows Settings.  However, there may be several reasons your company does not have a VPN.  Examples include Software as a Service Applications, Office 365, and other secure data sharing.  Therefore, you should ask your IT department about VPN access if you do not see it as an option in your Windows Settings.  They will let you know if you need it or not.  If you do, make sure you always log on when performing work tasks.

2. Reach Out to Your IT Team Before Loading Software

Always remember that your computer is company property and it is not yours to do with as you please.  Clearly, your IT team exists to both protect your company’s data and keep you productive.  Therefore, you should include them on any and all software download decisions.

Oftentimes, free software is offered to exploit the end-user device.  When this happens, hackers access end-users’ computers as an entry point to all company data.  Therefore, if you download infected software, you are giving access to hackers.

3. Save All Work on Corporate Drives

If you’re like most people, you have lost an important file at some point in your life. Undoubtedly, even thinking about it will likely make your heart sink as you remember having to recreate it from scratch.  Now imagine losing all the files on your computer.  That’s the risk you take when you do not back up your files to the corporate drive.

Unfortunately, there are many things that can go wrong when an employee takes their computer home.  After all, you just don’t have the same protections.  For most companies, this includes everything from firewall protection to desktop backups, surge protectors, or even theft.  For this reason, it is vitally important that you store all your documents on the company drive and not your local hard drive.

At the corporate level, all your data is being backed up in case of a natural disaster, hackers, hard-drive failure, or theft. In fact, this is done on a nightly basis.  Yet, when you are not connected, everything is being stored on your local drive.  That’s why it is extremely important that all remote workers copy new files on the company drive every night before they quit work for the day.

4. Think Before You Click

It may be hard to believe, but nearly 95% of attacks on business networks are the result of successful phishing emails.  Even worse, the average cost to a mid-size company is $1.6 million.  Phishing can also come in the form of a text message, known as smishing.  It could be a targeted attack that appears to come from a trusted source, known as spear phishing.  It can even come from a trusted friend or acquaintance.  The best thing you can do is to get educated on what a phishing email looks like and how to spot one.

Unfortunately, once a hacker is let into the system, they remain undetected for nearly 9 months on average.  Imagine the damage that a hacker can do in 9 months with unlimited access to all corporate data. Yikes!  Therefore, it is vitally important you get educated on what to look for and what to avoid.  Not just as a remote worker, but for all times.

5. Do Not Share Your Devices at Home

Sometimes it may seem harmless to share your work computer with your children or your spouse.  However, when you do this, you are risking the company’s data.  Incidentally, no one ever purposely downloaded a virus.  Rather, they unknowingly visit questionable sites, click on phishing emails, and download infected games.  In the end, the company pays the price and you are the one who gets blamed. Therefore, when you work from home, make sure your family uses their own devices, not your company’s assets.

6. Lock Devices When Unattended

It may surprise you to know that even in your own home, your work computer might not be safe.  In fact, anyone who has been in technology long enough can tell countless stories of company devices being improperly used at remote users’ homes.  For instance, one person’s roommate sent out a company-wide email claiming that person was having an affair with the Vice President.  On another occasion, a teenage son accessed the computer of his father, who was a doctor, to prescribe narcotics.  However, the cutest remote working story was when a toddler fell on a keyboard and accidentally sent the father’s venting message to the CEO.  Consequently, it was a message the father hadn’t actually intended to send.

Those are just a few examples of things gone wrong when a computer is left unattended.  Therefore, the best practice is to lock your computer when you leave it unattended.  Another great idea is to set automatic time-outs in the Windows Settings.

When in Doubt Ask Your IT Department!

Your IT team is here to help.  Whenever you have a question, issue, or problem with your teleworker’s technology, it is best to reach out to them right away.  Most importantly, do not wait until things are out of hand before you contact them.  They want to know what is going on so that they can guide you in the right direction.

INSI is Here to Protect You!

This post is part of the INSI Awareness Campaign that is designed to keep our clients protected and informed.  In addition, you can click here to learn more about our security offerings.

Most importantly, if you are an INSI client and are concerned about remote workforce technology, please do not hesitate to contact our helpdesk at 770-387-2424.  Our engineers are more than happy to guide you on safe technology practices.  After all, we are here to serve you!

How To Protect Your Company From Spear Phishing!

Spear Phishing and How to Protect Your Company

Spear Phishing is a major issue causing small and medium-sized businesses billions of dollars in fraud.  Find out what it is and how you can protect yourself from it.

Example of Spear Phishing

Pam is the Director of Marketing for an international firm.  Recently she received an email from the CEO.  In the email, the CEO asked her to purchase ten $100 Walmart gift cards.  Further, the email stated that the gift cards were a reward for her team doing a good job on a recent project.  Certainly, Pam was thrilled the CEO called her for such an important task.

Quickly, Pam ran down to Walmart and purchased 10 gift cards.  She then followed the instructions and emailed him both the gift card and PIN numbers.  Unfortunately, the expense was flagged and Pam found out she was a victim of a Spear Phishing attack.

What is Spear Phishing?

Spear phishing is when someone uses a false identity to target an individual.  Subsequently, the sender always appears to be a well-known and trusted source. For example, it could appear to come from the target’s executive, boss, or trusted business partner.  As expected, it always involves money or clicking a link.  The most common include:

  1. Brand Impersonation – When a hacker impersonates a well-known company.  One popular example of this is an email from a financial institution that claims there is an issue with your account.  These emails look very legitimate.  The most common are emails from Microsoft or Apple stating there is an issue with your account.
  2. Business Email Compromise AKA CEO Fraud – This is when someone impersonates a C-level executive and asks the recipient to wire money, transfer funds, or buy something like gift cards.
  3. Blackmail Scams – When someone claims to have compromising information on you and threatens to expose you if you do not pay them.

How Do These Scams Work?

Scammers are smart.  For instance, with Brand Impersonation or Business Email Compromise, they research the business, its employees, types of transactions, and those in authority.  Next, they establish an email address that is similar to one of the authority figures.  Finally, they email an employee with access to funds or company credit cards and request something that would not be suspicious or questioned by that employee.  On the other hand, Blackmail Scams cast out a wide net in hopes of catching more prey.

7 Technologies That Can Protect Your Company

Clearly, hackers understand the general user’s weaknesses and how to exploit them.  Therefore, the first step to eliminating this threat is to implement some basic technology tools.  After all, if the end-user never receives the email, there is no way they can click on a bad link or respond to it.

  1. Artificial Intelligence Tools – Machine learning tools can analyze abnormalities and filter those emails.
  2. Spam Filtering – Spam filtering will help detect any malware embedded in the email, filter suspicious emails, and identify the origin country of the email.
  3. Antivirus – Antivirus will help detect and filter any viruses.
  4. DMARC Authentication – This technology authenticates incoming email and puts messages that fail into the spam folder or rejects them.
  5. Email Encryption – Email encryption allows you to send and receive sensitive information over the Internet.
  6. Multi-Factor Authentication – This technology requires two pieces of identification to access company data.
  7. Desktop Monitoring – Desktop monitoring will keep your patches and updates current to keep hackers from accessing your email accounts.

5 Employee Training Tips on Spear Phishing

No matter what you do, some emails will still get through.  Therefore, your greatest defense is to train your end-users.  Make sure your employees follow the directions below before acting on anything that requests some form of sensitive information:

  1. The most important advice you can give to an employee is to study the sender’s email address.  Oftentimes, a single letter is added to or missing from the person’s name or domain.  Do not click or act on anything until verified.
  2. Make sure the employee verifies the domain name of the sender.  Do not click or act on anything until verified.
  3. Make sure all employees know that any request to spend money will come from company email addresses, not a personal email address.  Do not click or act on anything until verified.
  4. Train employees to report any questionable phishing emails, texts, or voice mails to your IT department.
  5. Tell the employees, “When in doubt: ask.”  Make sure they are not apprehensive about verifying an email from anyone in your company.  Including the CEO.
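The sender checks in tips 1 to 3 can also be automated at the mail gateway. The following is an added example, not part of the original post: it flags a sender domain or mailbox name that is a letter or two away from the real one, and an executive's display name on an outside address. The domain `example.com`, the executive list and the two-edit threshold are assumptions.

```python
from __future__ import annotations
from email.utils import parseaddr

# Assumed values for illustration; substitute your organization's own.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}  # display name -> real address
MAX_EDITS = 2  # assumed threshold: how many changed letters still count as similar


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: each added, missing or changed letter costs 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # letter missing from b
                           cur[j - 1] + 1,             # letter added in b
                           prev[j - 1] + (ca != cb)))  # letter changed
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> list[str]:
    """Return warnings for one From: header; an empty list means no findings."""
    display, address = parseaddr(from_header)
    display, address = display.strip().lower(), address.strip().lower()
    if "@" not in address:
        return ["unparseable-sender"]
    local, domain = address.rsplit("@", 1)
    warnings = []

    # Tips 1 and 2: the domain is close to, but not exactly, the company domain.
    if 0 < edit_distance(domain, COMPANY_DOMAIN) <= MAX_EDITS:
        warnings.append(f"lookalike-domain: {domain} resembles {COMPANY_DOMAIN}")

    # Tip 3: an executive's name is shown, but the address is not their real one.
    real = EXECUTIVES.get(display)
    if real and address != real:
        real_local = real.split("@", 1)[0]
        if domain != COMPANY_DOMAIN:
            warnings.append(f"exec-name-outside-address: {display!r} at {domain}")
        elif 0 < edit_distance(local, real_local) <= MAX_EDITS:
            warnings.append(f"lookalike-mailbox: {local} resembles {real_local}")
    return warnings


if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    samples = [
        "Jane Doe <jane.doe@example.com>",    # genuine
        "Jane Doe <jane.doe@examp1e.com>",    # one letter changed in the domain
        "Jane Doe <janedoe.ceo@gmail.com>",   # personal address, executive name
        "Jane Doe <jane.deo@example.com>",    # letters swapped in the mailbox name
        "Bob Smith <bob@exampl.com>",         # one letter missing from the domain
    ]
    for header in samples:
        print(header, "->", check_sender(header) or "no findings")
```

A check like this only supports the training above: it narrows what reaches the employee, and anything it flags still needs verification through a known-good channel.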

INSI is Here to Protect You!

This post is part of the INSI Awareness Campaign that is designed to keep our clients protected and informed.  In addition, you can click here to learn more about our security offerings.

Most importantly, if you are concerned about a spear-phishing email, please do not hesitate to contact our helpdesk at 770-387-2424 before opening it.  Our engineers are more than happy to check it out and make sure it is safe.  After all, we are here to serve you!

Why Ad Hoc IT Services Are So Dangerous!

What Are Ad Hoc IT Services?

Ad hoc IT Service is a case by case engagement with an independent contractor or an IT Support Company.  On the surface, it appears to be a viable option for IT support.  However, upon closer examination, it is the most dangerous way to support an IT environment.

Dangers of Ad Hoc IT Support

Imagine for a moment you are a doctor and a patient comes in with bad back pains. As a first step, you want to do a CAT scan or MRI.  However, the patient wants you to treat them without any of the tests.  At this point, you can only diagnose based on the symptoms.  So, you give them painkillers.

As a result, this relieves the symptoms for a while, but their pain comes back.  Now, the patient claims you didn’t diagnose them correctly the first time and therefore they should not have to pay for subsequent visits.  Consequently, both the provider and the client suffer.  That is how ad hoc often works!

The risk to the IT Support Provider

When a company performs ad hoc services, they take on risk.  For example, they risk not knowing how a fix can affect other things on the network.  After all, they do not know how it is set up, what it’s connected to, or historical issues.  Therefore, they will always get blamed if it causes more problems.  This can lead to reputation loss.

Many clients will use ad hoc as a litmus test to see if the IT support company is good enough to support their environment full-time.  However, in the end, it is a roulette game.  For example, if the provider can fix the problem, they will win the business.  If they can’t, they will lose it.  Unfortunately, they lose their reputation along with it.  Therefore, many providers avoid ad hoc altogether.

The Client Bears the Cost

Clients have it worse.  First of all, ad hoc does not offer any monitoring or updates.  This makes it easier for viruses and hackers to creep into the system. Second, there is no documentation on the environment.  This means the engineer can only approach the issues based on the symptoms.  Without understanding the root cause this can lead to multiple breaks in the system and expensive repeat visits. Last, you are at the mercy of the provider’s schedules as they have no way of knowing when multiple client calls will come in. When that does happen, their recurring revenue clients will come first.

Most important, the client bears the cost.  Since you pay by the hour, you also have to pay extra for the virus cleanup, breaks, fixes, and multiple attempts.  Trust me when I say that this adds up!  If you are dependent on your computers to do business, you would be much better off with a monthly contract.

The Two Exceptions to Using Ad Hoc IT Services

I believe there are two exceptions to the rule of using ad hoc IT services.   Obviously, internal IT departments sometimes need additional resources on a temporary basis.  This could be for projects, seasonal, or advanced issues.

The next one is for companies that need less than one-fourth of an hour of IT support per month. The reason for this is that they are not heavily dependent on their network.  Consequently, ad hoc can be appropriate when very few changes are made in the environment – as long as it is set up the right way.

Why Companies Choose Ad Hoc

Many small- and medium-sized businesses use ad hoc IT services in an effort to save money and control their cost.  As a matter of fact, many independent contractors charge as little as $50 per hour for their services.  Obviously, this seems really great on the surface, but it is actually quite dangerous.

Companies that use ad hoc IT services are at a high risk of viruses, failures, and hacks.  In addition, the lack of documentation results in repeat visits and multiple breaks in the system.  Therefore, the combination of downtime and excess hours far outweigh the cost of a monthly contract with a reputable company.  This makes for a very sick network.

A Better Alternative

A better alternative to “Ad Hoc” IT services is INSI’s Managed Services or Customized IT™.  INSI has a tiered structure that can offer decreased rates on 80% of the IT support issues without sacrificing quality.  This is because our tiered structure allows us to charge entry-level rates for entry-level tickets, which constitute 80% of the IT support tickets.  Further, we can manage the entire environment, fill in the gaps for an internal IT team, or we can break out the services to the client’s exact needs.  Finally, we can do all this for a fixed fee.

Do You Want To Learn More About The Difference Between Ad Hoc and INSI’s Customized IT™?

Go here to see the various types of IT support, their pros and cons, and great questions to ask the provider on each one.

In addition, if you would like to know more about this topic and how it affects you, visit Amazon or Barnes & Noble for a copy of the book IT Outsourcing Secrets – A Small Business Guide to Comparing IT Support Companies.

The IT Maturity Level of the MSP Determines Your Service Quality!

Bringing it All Together – People, Processes, and Technology

In my last seven posts, I went into great detail about the areas where IT support companies often fail.  To summarize, they include a variety of issues surrounding people, processes, and technology.

Therefore, if a failure occurs in any one of these areas, your IT support services will be negatively impacted.  That is why you need to know their capabilities BEFORE you choose an IT support company.  Without a doubt, it all starts with their IT maturity level.

Definition of IT Maturity Level

What is an IT Maturity Level?  Simply put, it is the ability of an IT organization to deliver exceptional service and continuously improve its performance.  Subsequently, there are several IT Maturity Models on the market.  However, I think the one that best suits MSPs is the Gartner Self-Assessment Tool.  Moreover, this model measures the IT maturity level in regard to infrastructure and operations.  How?  First of all, it ties together the three pillars of success: people, processes, and technology.  Second, it transfers them into a mechanism for continuous improvement.

Unquestionably, you will receive better service with a company that is focused on continuous improvement.  Therefore, why pay the same amount for a company that is just winging it?

How is the IT Maturity Level Measured?

Is the IT maturity level measured in years, processes, experience, or a combination?  I have been in this industry for nearly 20 years.  During that time I have seen many MSPs come and go in a variety of ways.  For example, I have seen MSPs who went international, sold, stayed stagnant, closed their doors, and even a few who grew and shrank over and over again.  Undoubtedly, it was clear to me, and others in the industry, why some were successful and others weren’t.  Hence, it all had to do with where they were on the IT maturity scale.

Let’s take a look at the Gartner Self-assessment Tool:

  • Level 1 Awareness – At this stage, the company is reactive and fighting fires all day long.  They have no defined processes or technology tools to help them provide consistent service.
  • Level 2 Committed – The MSP starts to invest in industry best practices and initiate formal processes.  They start to invest in a robust ticketing system, network monitoring tools, and asset tracking.
  • Level 3 Proactive – It is not enough to have the technology tools, the MSP must also program them for continuous improvement.  For example, use the ticketing system to measure key performance indicators and implement processes to overcome areas of weakness such as preventive maintenance.  In addition, there is a focus on hiring the right engineering talent that can follow processes, communicate well, and has great problem-solving abilities.
  • Level 4 Service-Aligned – At this level, the MSP is a trusted business advisor.  As such, they have all their people, technology, and processes in place.  As a result, they have improved customer support, talent utilization, and decision-making capabilities.
  • Level 5 Business Partner – Finally, the MSP is at a stage where they are forward-thinking and they are discovering new ways to help their clients meet their goals through technology.

As you can see, the more mature the organization is, the better the service you will receive.  Therefore, it is imperative to understand what stage the provider is at in the IT maturity model.

Why Do So Many IT Support Companies Fail?

Unfortunately, it is not enough to have bright engineers.  After all, starting an IT support company is expensive, and it takes years before they make a profit. The engineers know the right concepts, but without the tools, they can’t measure up. So, when an engineer starts their own business, they try to get by on a shoestring budget believing they are so smart that their clients will put up with it. They find the cheapest tools to manage, monitor and support their clients. However, in the end, the client gets cheap results. So, if you are wondering why your service levels are not consistent, this is likely one of the root causes!

INSI Has Invested in a Strong IT Maturity Model

INSI has invested in technology tools, processes, and people to deliver a higher quality of service.  In fact, our main measurement of quality is client satisfaction.  In addition, we use a tiered approach to deliver customized programs while decreasing 80% of the IT support costs.  To find out more, click here or call us at 770-387-2424.

Click here to see a webinar on What a Mature IT Organization Looks Like and watch at your own convenience.

Do You Want To Learn More About IT Processes?

This information is part of what is covered in my book, IT Outsourcing Secrets.  If you would like to know more about this topic and how it affects you, visit Amazon or Barnes & Noble for a copy of the book IT Outsourcing Secrets – A Small Business Guide to Comparing IT Support Companies.

IT Processes

What is the Best Quality in an IT Support Engineer?

Survey Says: Ability to Follow Processes

Let’s face it, you can have the most talented engineer in the world, but if he doesn’t follow processes, he is a liability to your organization.  Consequently, processes help the entire staff with everyday routines without making them stop and think of every mundane task each step of the way. Most importantly, processes allow the engineer to free up their mind and concentrate on the task at hand by providing a program for repeated activities.

Consistency is Key to Quality Service Delivery

Processes are the only way to create consistency of service. Yet, for the processes to work, they must be specific to the service delivery and adhered to by the engineers. When either of these fails, you receive poor service. However, a mature IT organization invests time and tools to ensure the processes help with continuous improvement and premium service.

Processes Create Efficiencies

Processes create efficiencies, and great service companies are efficiency experts.  Processes are the cornerstone for efficient and excellent service.  Subsequently, a successful business process will cut across the whole organization – not just the individual department. Even sales, accounting, and HR need to be part of the solution. A good example of a failed process is when a salesperson tells the client one thing and the delivery is much different.

Learn from My Experiences

I learned first-hand the importance of the following process very early in my IT support sales career.  For example, I had a client once who understood our escalation policy very well. Why? Because this was one of my selling points. First, I would share that the engineer had 15 minutes to define the problem and map out a solution. Second, if they could not do this, they were required to escalate the issue to a more senior engineer. Of course, the original engineer would still own the ticket, but the second engineer would fix the problem as they watched. This served three purposes:

  1. The client didn’t have to re-explain the ticket over and over again as it changed hands from one engineer to another.
  2. It sped up time to resolution for the client.
  3. The engineer increased his/her knowledge base.

That sounds great, right? It was – right up to the point that the engineer did not follow the process.

Fact: Engineers Hate Asking for Directions

Let’s face it, engineers are notorious for wanting to solve problems on their own – no matter how long it takes. So, when Mike was at the client site for four hours without a plan of action for a single desktop issue, I heard about it from the client. Mike didn’t realize it was not about him. Because of his unwillingness to let go of the issue, an important executive was without the use of her computer for four hours!

Engineers Who Do Not Follow Processes Cost the Company Money

You will often hear me say that billable time is king in the IT support industry.  In this case, there appeared to be no end in sight as Mike tinkered around for a solution.  As a result, our company was losing money.  After all, Mike could have resolved multiple issues for our clients during the time he took to solve this one issue.  Therefore, the cost of that one ticket to us was the engineering salary + the potential billable time = $580 loss. Unfortunately, I have no idea what the financial impact was on the client.

How Do You Know if Your IT Support Company is Following Defined Processes?

The following are strong indications your IT Support Company is weak on process follow-through.

  • Repeat questions
  • Engineers learning on your time
  • Repeat issues
  • Long resolution times
  • Long response times
  • Bad communication
  • Poor management
  • Competing priorities with your own Internal IT Department
  • Poor Engineering Attitudes

INSI Values Processes

At INSI, we know that processes form the framework to improve operational efficiencies and deliver premier service. Below are a few examples of some of our processes and the benefits to our clients:

  • Always Do What is Best for the Client – Nothing is more important than this.
  • Assign the Ticket to the Correct Engineer – We have a tiered structure that forces tickets to be assigned to the correct skill level.
  • One Engineer Owns the Ticket – It is important for one person to own the ticket and involve others to help him/her as needed. This will speed up the time to resolution for you.
  • Escalation Process – Our escalation process has a mentoring aspect to it which speeds up your resolution and helps our engineer expand his/her knowledge base.
  • Quarterly Preventive Maintenance – A process that allows us to catch issues before they become a real problem for you.
  • Monitoring Response – Alarm response protocols are defined at the kickoff meeting and strictly followed.
  • On-boarding New Clients – Documentation, asset tagging, client handbook, introductions, etc.
  • Time-Slip Lag – Our engineers document the problem and resolution while it is still fresh in their minds. As a result, engineers can access the knowledge base for solutions if/when they come across the same issue again.
  • On-Going Documentation – Fresh documentation helps us make informed decisions and recommendations to your company.

In conclusion, processes make the difference between a successful client relationship and a failed one.  If you are having inconsistent service, this may be the culprit and it is time to contact INSI!

Do You Want To Learn More About IT Processes?

If you would like to know more about this topic and how it affects you, visit Amazon or Barnes & Noble for a copy of the book IT Outsourcing Secrets – A Small Business Guide to Comparing IT Support Companies.