As a growing number of companies partner with IT managed services to boost their cybersecurity and improve their overall IT set-up, the Secret Service warns that the trend could lead to disaster. Cybercriminals are staying in step with the times and are now targeting IT managed services with the knowledge that breaching one could provide access to terabytes of invaluable business data. Is the trend reversible? IT managed service business owners weigh in on the increased risks, offering their take on what IT service companies can do to protect their clients from malicious cybercriminals.
Jorge Rojas from Tektonic in Toronto makes it clear that his company is taking the same measures that he suggests to his clients. The business ensures that all software programs are patched and continually updated so hackers can't exploit vulnerabilities to steal data. He requires that multifactor authentication be used for all applications and is increasing security awareness among his staff members. Furthermore, due to the COVID-19 lockdown and ensuing rise in cyberattacks, Rojas has provided each one of his employees with a company-owned laptop so they can work remotely without putting the company and clients in danger. Most of these security precautions have been put in place by IT managed services throughout the nation. Paul Bush, the Principal Consultant for OneSource Technology Inc. notes that his company secures its toolset with Google Authenticator's multi-factor authentication platform even if some company business partners don't require that level of cybersecurity. Furthermore, the company has moved its entire toolset to the cloud to avoid the time-consuming hassle of having to patch and maintain servers on the business premises.
Dmitry Rudman from Infiniwiz reports his company encrypts data on all devices, including servers, workstations, and laptops, to ensure the theft of a device does not compromise valuable business data. The company also has regular internal meetings about security, prohibits employees from sending sensitive information via email in clear text, and does regular yet random employee checks to ensure all staff members are following best cybersecurity practices. Furthermore, the company continually evaluates new tools to improve security for the company itself and its clients. Anthony Buonaspina from LI Tech Advisors specifically suggests the use of Malwarebytes to increase office security, noting that his company not only uses it in-house but also provides it to all company clients as part of LI Tech Advisors' core offering package. Eric Schueler, the Senior Vice-President of Information Technology at HRCT points out that his company uses Sophos MTR for the same purpose. Sophos monitors the company's endpoint security and servers, actively hunting for and eliminating potential threats as they arise. Additionally, HRCT has now implemented NIST CMMC compliance control for the company and all its customers.
Various IT managed service owners are also putting a premium on the use of strong passwords. It may seem like a basic move; however, a recent Avast survey found that an eye-popping 83% of all Americans don't use strong passwords for their devices. The use of one's name, a family member's name, or the name of a pet is commonplace, as is the use of one's birthday, part of one's home address, the name of a favorite book or hobby, or the name of the website that the password is for. To make matters worse, more than half of all Americans use the same password for multiple websites. Scott Gallupe, President of 403Tech Inc., mandates that his employees create strong, secure passwords. These passwords are stored in a secure password vault, making it easy for employees to gain access to information without having to remember complex passwords. Nick Allo from SemTech IT Solutions notes that his firm resets passwords every time an IT technician leaves; what's more, the company uses a unique password for every single account. If one account is breached, the cybercriminal cannot use it to gain access to all client accounts. Furthermore, SemTech IT Solutions has taken the unique step of getting verification from a client before beginning to work with him or her. The move ensures that a business is indeed hiring the firm, not a cybercriminal posing as a business owner.
As cybercriminals up their game to gain access to business information, IT managed service providers are likewise improving their cybersecurity protocols to ensure hackers cannot gain access to valuable customer data. Most service providers are requiring the use of multi-factor authentication, providing staff members with continual cybersecurity training, and ensuring systems are continually updated to prevent attacks. There are also some less-common tactics that various companies use to keep their business safe, such as providing remote employees with secure company-owned laptops, requiring additional certification before taking on a client and mandating that data be encrypted on company devices at all times. These tactics cannot guarantee that a hacker will never breach an IT managed service account but it does drastically lower the odds of an attack. Many cybercriminals are looking for easy prey and the fact that reputable IT managed services are adding extra layers of security to their accounts will deter most hackers, thus protecting business owners from damaging breaches now and in the future.