Tag Archives: cybersecurity

Four Steps to Be Sure Your Security Isn’t at Risk Because of Your Vendor

Make sure your cloud provider isn't jeopardizing your cyber security.It seems like every day there’s a new security breach in the news. Some IT professionals have recurring nightmares of their company’s name splashed across the headlines and a pink slip in their mailbox. What isn’t often reported in these stories, however, is the vendor’s role in that security breach.

When you engage in a cloud provider/vendor relationship, you probably spend a lot of time making sure performance and contract compliance are priorities. For many companies, though, there’s not enough time spent on determining who is covering each aspect of security. Here’s what you need to know:

1. Put it in the contract. Your vendor contract should include specific and precise information about your responsibility and your vendor’s for security coverage. Include the following items:

  • Security reviews and periodic audits
  • Cyber insurance
  • Access controls
  • Incident response
  • Risk sharing

2. Schedule security audits on a regular basis. These can be questionnaire-based or they can include as much as an on-site audit, depending on the level of risk and investment you have with that vendor. You can also use a mix of approaches, with on-site visits occurring less frequently based on the responses you receive on the questionnaires.

3. Make SOC a requirement. While current System and Organization Controls (SOC) reports won’t provide you with insight about the risk level of your vendor’s security management protocols, there is a new SOC report framework — called the SOC for cybersecurity — that audits cyber risk security management. You should include provisions in your contract that require your vendor to perform a SOC audit each year or whenever there’s a significant change to their security structure.

4. Conduct access and security reviews:
 This should be a daily review by your team to determine whether there’s any unusual activity coming from your vendor. There are independent services that will conduct these reviews, and though you may generate some false positives at times, you do need to be regularly examining the activities of your vendor with your system.

Security isn’t likely to be the most exciting topic on your list when considering a migration to cloud solutions. If you’ve been through the implementation of a cloud application, though, you likely have seen the security-related problems that can come up.

Get out ahead of any security concerns by including specific provisions in your vendor contract. Decide who will cover each area of security and make sure that security is a prioritized part of the conversation, rather than an afterthought. You may assume that because a vendor offers the latest software available, that they also have a proactive security solution. As you’ve seen in the news, it’s your reputation on the line.

If you want to work with a partner that values your security, talk with MicroCorp. We take a proactive approach to our clients’ security and partner with you to make sure that your system and your data are protected. Make an appointment with us to talk about the right solutions for your company and the steps you need to take to protect them.

Hacker

Preparing for Today’s Generation of Ambitious Hackers

Make sure your cyber security strategy will protect your business against today's hackers.Online businesses are increasingly improving against their brick-and-mortar counterparts. With this success, however, has come a whole new threat: the rise of a cyber attacker who isn’t showing much restraint, even for the biggest targets.

Hacker Ambition on the Rise

In just the last couple years, hackers have been seen going after targets that even five years ago might have been unthinkable. While retail store breaches were standard fare, new cyber attackers pursued online banks, and some evidence suggests that hackers may have even targeted the 2016 U.S. Presidential Election, though to what extent is unclear.

The growth of the Internet of Things (IoT) has emboldened some hackers, who in another incident used connected devices as part of a massive botnet of semi-autonomous connected devices to engage in distributed denial of service (DDoS) attacks that shut down websites.

Surprising Weaknesses Appear

Perhaps the good news in the current hacking-filled environment is that it reveals just how insecure networks really are. Stolen credentials are only the beginning, and lower-tech attacks do plenty of damage as well. Business email compromise–essentially just highly-targeted phishing operations–caused $3 billion in losses over three years, according to Symantec.

More Cloud, More Problems

Perhaps worst of all, companies are contributing to their own downtime through everyday business processes. The growth of the IoT is putting more potential points of access into play, and many of these are poorly secured thanks to a faulty perception that a connected device is a low-value target. The device itself may be, but the network that it’s connected to is of much higher value.

Symantec’s reports were grim on this front as well; attacks on IoT devices doubled throughout 2016, and at the worst of it, there was one attack every two minutes on an IoT device. Increased movement to cloud-based systems was likewise bringing out fresh targets of opportunity for hackers.

Eternal Vigilance Is the Price of Liberty…Online

So what can be done? Proper security must be observed at every turn, even when doing so seems inconvenient or cumbersome. Furthermore, the tools to protect security must be improved; after all, tools that cause as many problems as they prevent aren’t worth using.

Tools like those found at MicroCorp can be a great start toward a process of continuous security improvement, helping users better protect systems against outside intrusion. It’s a project that requires everyone’s cooperation, from the end user to the security developer, and one that makes us all safer. For more information about how MicroCorp can help secure your business, contact us today.

Use #WannaCry to Your Advantage

Channel partners can take advantage of ransomware like #WannaCry to provide more cyber security solutions.The ransomware attack from early May that affected more than 200,000 people and computer networks in more than 150 countries is an opportunity for partners to have a conversation with their customers about security. While it may seem heartless to use a cyber attack as a sales tactic, this is more about protecting customers for the future, and making sure everyone has a backup plan.

The malware, dubbed WanaCrypt0r 2.0, or WannaCry, affected Europe the most. Companies from FedEx to Telefonica, universities to hospitals, were attacked. The pervasive nature of this most recent incident should be the kicker for partners to start checking on customers’ security strategies. Of course, there are obstacles, but there are ways to overcome them.

Something is better than nothing

More often than not, a company’s CTO will shrug off security solutions as too expensive. Small and medium-sized businesses cannot often afford the $25,000/month price tag for a soup-to-nuts solution. But partners should emphasize that customers do not need to go whole hog in order to protect themselves “just enough.” There are pieces of solutions that go for a fraction of the package price that will protect customers somewhat — and that could make or break their business.

The true cost of a breach

60% of small and medium-sized businesses are out of business within six months of a cyber attack. Further statistics show that companies spent an average of $879,582 in the aftermath of damage or theft of IT assets. And disruption to normal operations cost an average of $955,429.

Partners can show these quotes to their customers. Then they can ask the CTO if he really thinks that investing in a security solution today isn’t worth the money.

Take this most recent ransomware attack, the Target breach of 2013, and any one other of the myriad cyber attacks of the last couple of years, and present the case to customers. Now is not the time to shy away from protective technology. Emphasize that the true cost of a security breach is a customer’s entire business.

You don’t have to be the expert

Don’t let the daunting nature of security technology be the reason you leave your customers without solutions. Take the time to get with a couple of providers that have security products to find out about what the solutions are, and then you’ll be in a good place to talk to your customers about security. You can admit you are not the expert, but you work with experts, and can connect your customers. That’s where a program like MicroCorp’s Team Alliance Program comes in. The program is designed to connect partners with experts of all kinds in the channel — security is no exception.

At the very least, your customers should have a basic security assessment done. Discuss where they are vulnerable with them so they know where their risks are. From there, it is their decision about how robust they want to get with a security solution.

Putting your head in the sand isn’t going to make the risk go away. Talk to MicroCorp today about how to proceed with working with your customers on securing their businesses for the future.

How to Start the Security Discussion

MicroCorp can show you how to begin the cyber security discussion with your clients.It’s the last thing most partners want to talk about because it’s the topic they are the least familiar with, but as security evolves, it becomes impossible to avoid.

Customers want to discuss security, and for good reason. The cyber landscape is changing for individual users, giant corporations, and governments alike. Partners need to understand why customers are interested in security and be able to have a discussion with them about protecting networks. But how do you talk to your customer about a topic outside your wheelhouse? There are a few tactics to take.

Don’t try to onboard it all.
For partners to be relevant in the year (and years) ahead, they need to transform their main expertise into new areas, and you cannot train your way there. The landscape is changing so quickly — by the time you’ve trained yourself and your team on something like security, it’s evolved further. It is more worth partners’ time to connect with experts in order to broaden their own expertise.

Partner with purpose.
Our Team Alliance Program (TAP) was designed with these problems in mind: partners want to be able to speak to all customer issues, but don’t have the time or resources to become experts in every field. TAP allows partners to connect with experts in cloud, security, SD-WAN, and other technologies to get in on the knowledge while maintaining relationships with customers. The program is an ecosystem for education and partnership that will help you stay successful as technologies change.

In the end, it’s about trust.
You are your customer’s trusted advisor, so it’s important to maintain that level of credence. Acquiring a customer is the largest cost your business incurs — better to keep the ones you have. Partnerships with experts can help you stay relevant for your customers and devote time to maintaining your relationships with them. And that means that the future of the partner will be more about customer service than anything else.

These themes can apply to not just security, but multiple other technologies and systems that befuddle the partner. Take advantage of TAP and the MicroCorp’s ecosystem of experts to be the partner your customers want to keep.

Security: It’s Time to Pull Your Fingers Out of Your Ears

If you haven't talked to your clients about cyber security, don't put it off any longer.If you’ve been avoiding the topic of security — in general, or with your customers — you aren’t alone. Most agents avoid the subject entirely if they don’t feel 100% comfortable discussing the latest trends in cyber protection and network management. (And, let’s be honest, few do.)

But it’s 2017, and 60% of small companies go out of business within six months of a cyber attack. That figure alone should indicate that the time has come to do what no one wants to do and contemplate how to stay up-to-snuff on security. (It’s like going to the dentist.) What are the risks involved of falling behind, and what can you do to feel confident in talking to your customers about security?

First, know that the issue of cybersecurity poses more risks to your business than just actual hacking. If you aren’t educating yourself on how to talk to your customers on the topic, someone else is. Usually, if partners feel uneasy to broach a subject that is outside their areas of expertise, they’ll avoid it altogether with customers. But that tactic leaves room for another company — perhaps one that has done more research — to home in on those customers.

So, short of spending precious hours training to become a security expert, how can you approach the issue?

Look to the experts. Seek out partners who have already established themselves as security experts. A Fortune 500 customer hired one of our partners who is a security expert, and that relationship enabled the partner to gain a ton of buying power from the customer. The customer’s trust in that partner translated into giving the partner a blanket of sorts to recommend any provider they deemed fit. The power involved in being the expert in your field is real.

Try to educate yourself. Ideally, partners are taking the initiative to educate themselves each week on a broad view of topics — not just security — to stay relevant. But, of course that is easier said than done, especially when sales and customer service are at the forefront of business priorities.

Training! If both of those points sound daunting it’s because they can be. MicroCorp established the Ultimate Partner Training program to enable partners to learn about security, SD-WAN, cloud, and other topics that they might not be experts in — or even familiar with — so they can get high-level views of those subjects and stay relevant. Sticking your fingers in your ears and pretending nothing is changing makes you irrelevant. We want to help our partners be as well-rounded as possible.

The nature of the security world mirrors the nature of technology: it’s dynamic, ever-changing, constantly surprising, and difficult to keep up with. Our Ultimate Partner Training program aims to make the fluid world of technology easier for partners to navigate so that both partner and customer stay successful. Security expertise is a part of that equation now, more than ever.