Small and medium-sized businesses (SMBs) face numerous challenges when it comes to managing their IT. Limited resources (both human and money), lack of expertise, and the need to focus on core business operations often make it difficult for SMBs to understand and manage technology needs. This is where Managed Service Providers (MSPs) come in. In this blog article, we will explore the reasons why SMBs should consider partnering with MSPs to enhance their IT capabilities and drive business growth.
Cost-Effective IT Solutions:
One of the primary reasons why SMBs need MSPs is the cost-effectiveness they offer. By outsourcing their IT needs to MSPs, SMBs can avoid the high costs associated with hiring and training an in-house IT team. MSPs provide a range of services, including network monitoring, data backup and recovery, cybersecurity, and software updates, all at a predictable monthly cost. This allows SMBs to allocate their resources more efficiently and focus on their core business.
Access to Expertise and Advanced Technology:
MSPs are experts in providing IT services and have a team of highly skilled professionals with expertise in variety of technology. By partnering with MSPs, SMBs gain access to the depth of knowledge and experience from IT experts who can handle complex tasks and provide strategic guidance. Additionally, MSPs stay up-to-date with the latest technology trends and can recommend and implement solutions that can help SMBs stay competitive in the market and safe from hackers.
Proactive IT Support and Maintenance:
MSPs offer proactive IT support and maintenance, which is crucial for SMBs. They monitor networks, identify potential issues, and take preventive measures to avoid downtime and disruptions. MSPs also provide regular software updates, security patches, and system maintenance, ensuring that SMBs’ IT remains secure and up-to-date. This proactive approach helps SMBs minimize the risk of costly IT failures and ensures smooth business operations.
Enhanced Data Security:
Data breaches and cyberattacks pose a significant threat to SMBs. MSPs play a vital role in safeguarding SMBs’ sensitive data and protecting them from potential security breaches. They implement robust cybersecurity measures, such as firewalls, antivirus software, and encryption, to ensure data confidentiality and integrity. MSPs can also conduct regular security audits and vulnerability assessments to identify and address any potential weaknesses in the IT infrastructure.
Scalability and Flexibility:
As SMBs grow, their IT needs evolve. MSPs offer scalable solutions that can adapt to changing business requirements. Whether it’s adding new users, expanding storage capacity, or integrating new software, MSPs can quickly and efficiently accommodate these changes. This scalability and flexibility allow SMBs to focus on their growth without worrying about the limitations of their IT infrastructure.
If your company could use the cost-effective solutions, access to expertise, proactive support, enhanced data security, and scalability that come from using a MSP, then contact us for assistance.
During a recent briefing from the FBI’s Oregon Cyber Task Force in Medford, OR they detailed best practices and industry standards for cyber attack mitigation. FBI special agents started with information and statistics about the most recent threats giving specifics of how the attacks were executed. Security Architect from the State of Oregon then outlined the specifics of how to mitigate these threats properly. Here is a summation:
Current Threat Landscape
Business Email Compromise (CEO Fraud): Involves cyber criminals posing as business executives at companies that regularly perform wire transfers. After compromising the executive’s email, the criminal requests employees to perform wire transfers to the criminal’s bank account. FBI Internet Crime Complaint Center (IC3) has reported over $3 billion of losses worldwide due to this threat.
Ransomware: Ransomware is a form of malware that targets weaknesses in networks to deny the availability of critical data by encrypting it and demanding a ransom for the encryption keys to decrypt the data. Ransomware is frequently delivered through spear phishing emails to end users.
Point of Sale (PoS) Malware: Cyber criminal steals payment card data by remotely infecting PoS systems with malware without the need to physically access the cards or the devices used to process them. This allows criminals to compromise PoS systems on a large scale with larger victim base.
Insider Threat: An insider is a current or former employee who has access to an organization’s network and intentionally misuses that access to negatively affect the company. IC3 has recorded business losses from insider threat to be between $5,000 to $3 million.
Internet Extortion: Victims are threatened by cyber criminal with Distributed Denial of Service (DDoS) attack that will make access to their e-commerce site severely degraded or impossible if they victim does not pay to appease them. These can be real or fake with price tags in the neighborhood of 50 bitcoin or about $30,000.
Cyber Attack Mitigation
Here is a list of items that will need to be addressed to comprise a complete mitigation plan:
Create company policy in regards to how wire transfers are handled that require verbal or in-person authorization from multiple company executives
Create company policy restricting details that can be shared about job duties and company hierarchy on social media
Review National Institute of Standards and Technology (NIST) Cybersecurity Framework and adopt risk management processes
Create, implement and keep up-to-date an incident response plan
Create company policy and implement lawful network monitoring
Have proactive relationships with law enforcement agencies – silence is letting cyber criminals win
Practical Security Best Practices
Network Segmentation – keep the guest wireless separate from the local network, keep payment processing in its own network and keep web servers in the Demilitarized Zone (DMZ) of the network.
Use firewall access rules, Active Directory Group Policy and physical security measures to limit unsecure access to every segment of your network.
Restrict usage of administrator level access by creating alternative accounts for these purposes that are not used for local login. Keep these accounts monitored.
Implement automated patching and managed virus scanning on all systems. Remove any unsupported / non-updateable software or sytems on the network.
Restrict remote access to the network to specific users and use only secure protocols like RDP through VPN
Conduct periodic testing of all security measures to identify weakness or failing procedures and adjust systems accordingly
Advanced Mitigation Processes
Use multi-factor authentication wherever possible
Establish baseline of applications used then implement application whitelisting
Standardize encryption for data both at-rest and in-transit
Conduct perimeter filtering via Intrusion Detection System (IDS)
Regularly backup system logs in a segregated portion of the network to prevent tampering
If your company is going to use full disk encryption or has compliance requirements that you need consulting for, then contact us for assistance.
It never occurred to me that analog fax was still something used, but my kids’ optometrist asked me to fax in a copy of their insurance card. So I asked them if I could email it to them and they said that it would not be HIPAA compliant to do so to which I responded that I could send them an encrypted email – they were not amused. This interaction begged the question is HIPAA compliant analog fax possible. According to Frequently Asked Question (FAQ) section HHS.gov site:
Does the HIPAA Privacy Rule permit a doctor, laboratory, or other health care provider to share patient health information for treatment purposes by fax, e-mail, or over the phone?
Answer: Yes. The Privacy Rule allows covered health care providers to share protected health information for treatment purposes without patient authorization, as long as they use reasonable safeguards when doing so. These treatment communications may occur orally or in writing, by phone, fax, e-mail, or otherwise.
The Privacy Rule requires that covered health care providers apply reasonable safeguards when making these communications to protect the information from inappropriate use or disclosure. These safeguards may vary depending on the mode of communication used. For example, when faxing protected health information to a telephone number that is not regularly used, a reasonable safeguard may involve a provider first confirming the fax number with the intended recipient. Similarly, a covered entity may pre-program frequently used numbers directly into the fax machine to avoid misdirecting the information. When discussing patient health information orally with another provider in proximity of others, a doctor may be able to reasonably safeguard the information by lowering his or her voice.
So the short answer is a surprising yes they can do HIPAA compliant analog fax with a standard old facsimile machine with the numbers pre-programmed in. If they have moved on the digital fax technology then similar safeguards to email must be put in place for the storage and transmission of that data.
Businesses have been using email, a cloud-based service, for decades. The recent push for compliance and security have given rise to various technology and services to provide encryption for sending / receiving messages especially through email. For most users Office 365 Encryption is the easiest and best way of sending encrypted email. This is done by purchasing licenses / configuring Azure Rights Management either through Enterprise Mobility Suite or Microsoft Azure Rights Management Premium in their Office 365 account. Once licensed the following setup procedure is needed to setup basic email encryption for all users:
Basic Office 365 Encryption Setup
Login to Office 365 portal as Global Administrator and click on the Admin tile.
In the left hand menu select Service Settings > Rights Management then click on the Manage link to the right.
On the Rights Management page click on the Activate button.
Now type in the following to configure the Rights Management Services (RMS) online key-sharing location in Exchange Online (This is North American companies only – all others see the following Microsoft KB Article.):
To verify that you successfully configured IRM in Exchange Online to use the Azure Rights Management service, run the following:
Run the following commands to disable IRM templates from being available in OWA and Outlook and then enable IRM for your cloud-based email organization to use IRM for Office 365 Message Encryption:
This completes the powershell portion. Make sure that all users who will be using Encryption have been given a license for the purchased service in the Office 365 portal.
In the Office 365 portal in the left hand menu click on Admin > Exchange.
In the Exchange Admin Center in the right hand side under Mail Flow click on Rules.
Click on the + symbol and choose “Create a New Rule…” option.
Give the Rule a name like “Message Encryption” then click on “More Options…”
Under “Apply this rule if…” select “The subject or body includes…” and add “Encrypt:” as the search term.
Under “Do the following…” select “Modify the message security…” then select “Apply Office 365 Message Encryption”
Leave the other options as default unless otherwise needed and click on Save button.
This then allows users of Outlook or OWA to add the work “Encrypt:” to the subject line of an email and have the message sent as encrypted. The recepient will receive and HTML document that details how to access the contents of the email securely via Microsoft login or one time access code sent to their email. If they are accessing email from their phones then there is an App for that too. If your organization needs any help with compliance of email encryption then don’t hesitate to contact us for support.
And God will generously provide all you need. Then you will always have everything you need and plenty left over to share with others. As the Scriptures say,
“They share freely and give generously to the poor. Their good deeds will be remembered forever.”
For God is the one who provides seed for the farmer and then bread to eat. In the same way, he will provide and increase your resources and then produce a great harvest of generosity in you. - 2 Corinthians 9:8-10