Category: Security

Discover how partners can become the go-to for all their customer's endpoint security needs.

How Partners Can Become the Go-to for Their Customers’ Endpoint Security Needs

by Scott MacIntire, Director, Channel Enablement – Cloud Elements

Discover how partners can become the go-to for all their customer's endpoint security needs.Understanding the needs of your customers is vital to your survival as a partner your customers can rely on for challenging technical issues – including endpoint security.

As the internet of things (IoT) gains wider adoption and more devices share the network, your partners are going to see the expansion of the surface area (more devices) for the threat actors to attack. Every device in the network becomes an attack vector for these malicious actors. Your expertise on the network will be more important than ever to your customers. Not just provisioning and managing it, but securing it.

Security is also a great starting point for a discussion with your customers when you want to expand outside of selling the traditional network services. This conversation will get you into speaking about their compute infrastructure and allow you to provide the security solution your customers require. I find that once they trust you with security, they’ll trust you with the infrastructure as well.

Lack of Confidence Selling Security?

The channel understands the network and its complexity, but not everyone feels confident when it comes to network security. We are constantly bombarded with very confusing and scary messaging about cyber security. Fancy buzz words are the order of the day for the security industry. In order to gain the confidence in having discussions on security, find a few security partners and take the time to listen to their stories over and over again. Invite them to discovery calls with your customers.

Finding various providers and listening to them will help you make better sense of the the overall security story. You will pick up on the buzzwords, and you will see that while each one has a different way of protecting their customers’ environments, there are several themes that are consistent. Identifying how they solve those problems and understanding this should give you the confidence to have more security discussions.

Dealing with FUD

With cyber security, most providers often claim that you’ll get breached if you don’t choose their solution – injecting fear, uncertainty, and doubt. To get past that problem, you need to have some standard themes you are looking for in their product and services. The most important thing to look for is a clear proof of value for the solution. This is usually a dashboard that gives the customer operational visibility. It usually shows the number of attacks being stopped and the status of the environment’s devices. You should also look for a fully managed solution. The provider should have a team of experts monitoring the environment 24×7. Threat actors never sleep and neither should your provider. All of MicroCorp’s security providers bring these two capabilities, a visible proof of value, and 24×7 management to the table.

How to Handle Ongoing Challenges

Security is a never-ending game of cat and mouse. Threat actors are always adapting to the security vendors’ solutions. In order to increase – as well as retain – your knowledge of endpoint and security in general it’s important to be conversant in the basics. Jump on provider webinars. Subscribe to some cyber security blogs. Keep learning. These are the same fundamentals that have made you successful selling network solutions, and you should be confident that these best practices that help you grow on the network side will help your security business as well.

Looking for an Expert to Help You Get Answers?

If you’re looking for a master agent to help you approach security discussions with your customers, MicroCorp is your partner. Our team of experts will assist you, answer your questions, and bring the right providers to help you sell that deal. That’s a big differentiator. Contact us today for more information.

Improve your IoT security.

Make IoT Efforts Worthwhile with IoT Security

Improve your IoT security.The biggest problem in Internet of Things (IoT) networks is just what makes them so powerful. IoT networks depend on dozens, even hundreds, of small devices that relay information back to a central point. The devices have to be simple; if they were complex they couldn’t be so easily deployed. The simplicity involved means that protection sometimes suffers, so the proper use of IoT operations comes with a clear focus on IoT security.

IoT Security Makes a Porous Network More Resilient

Shoring up that porous network can be a lot simpler than some might expect.

Consider regulations. Your customers may already be working under a set of regulations that dictate security measures to take. Generally, these will cover what’s needed for IoT security since that same data needs to travel the network covered by regulations.

Check your passwords. Let your customers know that proper network security starts with good passwords. Ensure the passwords in place use mixes of letters, numbers and symbols, and also consider the use of multi-factor authentication, like using a text message to an employee’s cell phone or the like.

Never use the stock password. If a device comes with a password, your customer should change it immediately. Hard-coded passwords can be used by outsiders, and by making a change as quickly as possible during installation, that improves the chances of keeping outsiders out.

Don’t leave everything on. Some IoT devices come with features that aren’t really necessary, and some of these can be used to circumvent security. Shut off automatic connection or buttons that allow password changes.

Consider your traffic. Your customers should check the software ports on your IoT devices; if they’re not already blocking incoming traffic, be sure those ports are restricted. Also suggest that your customer consider the use of a virtual private network (VPN) to further mask traffic.

Look into encryption. So much of security is about keeping outsiders outside, but why risk data security on that all-or-nothing ploy alone? Using encryption to protect data allows companies to get the best of all worlds. While perimeter defense works to keep hackers out, encryption makes their efforts ultimately fruitless.

Getting Started with IoT Security

IoT benefits are wide-ranging, but IoT security is vital to making sure your customers get the most out of the system without leaving themselves wide open to outside intruders. Learn more about IoT security by getting in touch with us at MicroCorp. We have a wide range of solutions available, including a complete slate of complex network solutions that includes over 80 different carrier and service providers.

How can you become the security expert your customers are looking for?

Security: Your New Secret Weapon in the Competitive Edge Wars

How can you become the security expert your customers are looking for?The competition is absolutely everywhere. How do you stand out and protect your own market share when rivals are offering similar pricing? One way is to be the go-to resource for one of the biggest problems a business faces: security.

How Do I Become the Go-to Resource for Security?

Being a resource in security is a great way to present a value proposition, and becoming that resource can be a simple process.

Learn the risks. Risks vary widely, and often change. Whether it’s the theft of privileged access credentials, assaults staged by insiders within the company, or issues over control of access, there’s a lot of risk out there. Even the burgeoning Internet of Things (IoT) market and the new endpoints—and potential points of weakness—that come with it mean a whole new set of risks some may not have even considered. Whether you’re talking about perimeter defense or internal data defense, there are risks all over the spectrum.

Learn countermeasures. It’s not enough to just know the risks, however, as you’ll need to learn how to address these risks. Securing endpoints, using encryption to protect data that’s already in the fold, and even how to make sure that security tools like the USB-based Rubber Ducky are used for their intended purpose only will help make you the first stop when businesses want better security.

Learn from peers and industry experts. You can train yourself until you’re blue in the face, but nothing will empower you to become the security expert your customers need better than connecting with those who are already experts in the field. Connecting with industry colleagues and folks who’ve been doing it a while can be the most valuable method of educating yourself. Learn more about MicroCorp’s Solutions Alliance program to connect with an ecosystem of providers and partners who can help you become an expert in security and more.

As a master agent, we work with a wide range of products and businesses, and can help make you the security force in your area that your customers are just begging to work with. So get started by getting in touch with us to build yourself into a security expert your customers can count on.

Ransomware is one of many threats that force IT organizations to shore up their processes.

With the Proliferation of Ransomware, Is Bitcoin Your Only Option?

Ransomware is one of many threats that force IT organizations to shore up their processes.Do you have a bitcoin wallet? That’s not a question that was posed very often a few years back, but it’s becoming common lately as ransomware attacks have grown more prevalent. The question you may be asking yourself today is, “why should I pay a ransom?”

The reason most companies end up paying a ransom after they’ve been hit with a cyberattack is that they want to preserve their reputation, their data, and in turn, their clients. Businesses don’t have the luxury of not negotiating with malicious actors who demand payment in return for their own data. And whatever amount is paid will only be payable in bitcoin, because it’s untraceable.

One factor leading to the proliferation of ransomware attacks is that many IT organizations aren’t good at patching or updating their systems and keeping data backed up. This allows cybercriminals an easy way in, and since the organization has no backup, they’re left without access to their sensitive and valuable data.

Some IT organizations are good at backing up their data, yet that generally only corresponds to critical servers, not end user systems where much of the data resides. And this is where most of the attacks are aimed – at end user systems.

Even for organizations that excel in patching and backing up, there are serious challenges when it comes to managing identities and controlling access to systems. This allows the infected code to seep across the system, going unchecked because it utilizes real accounts to gain access.

For organizations that do not patch, back up, or control access, they create the perfect scenario for a ransomware attack. This is when it becomes critical to have established a bitcoin wallet in order to regain control of data.

Ransomware isn’t the only enemy – there’s also extortionware and a host of other wiper malware with the sole intent of erasing data.

At MicroCorp, our clients count on us to keep their systems up and running and safe from attack. We do our part while educating end users to make sure they’re doing theirs. Contact us today to learn more.

Disaster Recovery

The Increasing Importance of Disaster Recovery Planning

Disaster RecoveryHow secure is the cloud, and how much need is there to have a disaster recovery plan? These are valid questions as the Internet of Things (IoT) comes into full bloom and the world becomes increasingly digitized.

Recently, an outage of Amazon Web Services (AWS) brought some attention to cloud disaster recovery. For companies running critical systems in the public cloud, this outage made them more aware of the potential for problems. However, despite the human error that led to this outage, a public cloud infrastructure still has advantages to on-premise data centers. At the same time, cloud IT services aren’t impervious to issues, which is why it is critical to have a disaster recovery plan in place.

Whether you’re a company as large as Amazon, or a mom and pop startup operating in the cloud, you need to focus on business continuity and disaster recovery options. These strategies, when properly implemented, will help you protect your data.

Your strategy should center around backing up data at multiple, geographically disparate locations. Should a natural disaster occur and several data centers are wiped out, the data will still be available from a location that is far removed from that natural disaster.

The loss of data can come at a great expense for your company. Take British Airways as an example. The company experienced a computer failure that resulted in losses estimated around $200 million. The damage to the British Airways brand was significant as passengers around the world were left stranded. While the company continues to blame a power surge for the problem, it’s rumored that the fault was actually with a back-up system that was supposed to provide uninterrupted power to the computer system.

While cloud-based systems are most often a better choice than on-premise solutions, it’s not always the right answer in every situation. Cost for long-term use can be prohibitive for some organizations. Also, due to a shortfall in qualified individuals working in cloud infrastructure, security is sometimes suspect. While it’s true that some cloud types offer better security than others, organizations give up control over too much of their data in many cases.

At MicroCorp, we are a master agent that takes cloud security and disaster recovery very seriously. With many years of experience in offering multi-layer support services, we have our agents and their clients covered. Contact us today and let’s discuss how you will maintain control over your data while experiencing top-notch business continuity and disaster recovery efforts.

Four Steps to Be Sure Your Security Isn’t at Risk Because of Your Vendor

Make sure your cloud provider isn't jeopardizing your cyber security.It seems like every day there’s a new security breach in the news. Some IT professionals have recurring nightmares of their company’s name splashed across the headlines and a pink slip in their mailbox. What isn’t often reported in these stories, however, is the vendor’s role in that security breach.

When you engage in a cloud provider/vendor relationship, you probably spend a lot of time making sure performance and contract compliance are priorities. For many companies, though, there’s not enough time spent on determining who is covering each aspect of security. Here’s what you need to know:

1. Put it in the contract. Your vendor contract should include specific and precise information about your responsibility and your vendor’s for security coverage. Include the following items:

  • Security reviews and periodic audits
  • Cyber insurance
  • Access controls
  • Incident response
  • Risk sharing

2. Schedule security audits on a regular basis. These can be questionnaire-based or they can include as much as an on-site audit, depending on the level of risk and investment you have with that vendor. You can also use a mix of approaches, with on-site visits occurring less frequently based on the responses you receive on the questionnaires.

3. Make SOC a requirement. While current System and Organization Controls (SOC) reports won’t provide you with insight about the risk level of your vendor’s security management protocols, there is a new SOC report framework — called the SOC for cybersecurity — that audits cyber risk security management. You should include provisions in your contract that require your vendor to perform a SOC audit each year or whenever there’s a significant change to their security structure.

4. Conduct access and security reviews:
 This should be a daily review by your team to determine whether there’s any unusual activity coming from your vendor. There are independent services that will conduct these reviews, and though you may generate some false positives at times, you do need to be regularly examining the activities of your vendor with your system.

Security isn’t likely to be the most exciting topic on your list when considering a migration to cloud solutions. If you’ve been through the implementation of a cloud application, though, you likely have seen the security-related problems that can come up.

Get out ahead of any security concerns by including specific provisions in your vendor contract. Decide who will cover each area of security and make sure that security is a prioritized part of the conversation, rather than an afterthought. You may assume that because a vendor offers the latest software available, that they also have a proactive security solution. As you’ve seen in the news, it’s your reputation on the line.

If you want to work with a partner that values your security, talk with MicroCorp. We take a proactive approach to our clients’ security and partner with you to make sure that your system and your data are protected. Make an appointment with us to talk about the right solutions for your company and the steps you need to take to protect them.

Security, SMB

SMBs Ready to Embrace Managed Security Services

Are you selling managed security services to SMBs?Small and mid-sized businesses (SMBs) have traditionally not been keen on outsourcing for a few reasons, but a sea change is occurring for SMBs when it comes to security and technology. Businesses using managed services to handle security needs have to hand over mission-critical control of their network infrastructures to service providers. A rising number of SMBs are electing to do this and more.


In-House Security Losing Steam

While managed security was initially popular with enterprises hoping to simplify and coordinate security across multiple locations, it is looking more and more attractive to one- and two-location business owners who realize these threats are indiscriminate in who they target.

With new security threats churning out at a fever pitch, it is almost impossible to stay relevant with security in-house. Even with just one location, adequate security needs to consider firewall management, intrusion detection, malware detection, compliance requirements, email encryption, user authentication, and, most importantly, active monitoring.

According to a study cited in CIO, 40% of businesses are using part time employees to manage their security. That is alarming. This setup compromises effective monitoring and cuts down on time to detect attacks from 24/7 to someone not even on the clock 9-5. The level of scrutiny and speed of reaction need to be looked at if you want to take your network security seriously. Outsource to a provider that guarantees around-the-clock monitoring in the service level agreement. Employees do not come with SLAs.


Security Specialization

The number and variety of security threats facing businesses today require true specialization to conquer. Although enterprise businesses led the charge for managed security, there is a multi-dimensional landscape of security concerns that affect businesses of all sizes. Skills and time are at a premium, and a greater number of business owners are finding security is not a piece of their business they want to gamble on.

What is your peace of mind worth? MicroCorp can connect you with a portfolio of managed security providers to find the right fit for your customer’s security vulnerabilities.

Hacker

Preparing for Today’s Generation of Ambitious Hackers

Make sure your cyber security strategy will protect your business against today's hackers.Online businesses are increasingly improving against their brick-and-mortar counterparts. With this success, however, has come a whole new threat: the rise of a cyber attacker who isn’t showing much restraint, even for the biggest targets.

Hacker Ambition on the Rise

In just the last couple years, hackers have been seen going after targets that even five years ago might have been unthinkable. While retail store breaches were standard fare, new cyber attackers pursued online banks, and some evidence suggests that hackers may have even targeted the 2016 U.S. Presidential Election, though to what extent is unclear.

The growth of the Internet of Things (IoT) has emboldened some hackers, who in another incident used connected devices as part of a massive botnet of semi-autonomous connected devices to engage in distributed denial of service (DDoS) attacks that shut down websites.

Surprising Weaknesses Appear

Perhaps the good news in the current hacking-filled environment is that it reveals just how insecure networks really are. Stolen credentials are only the beginning, and lower-tech attacks do plenty of damage as well. Business email compromise–essentially just highly-targeted phishing operations–caused $3 billion in losses over three years, according to Symantec.

More Cloud, More Problems

Perhaps worst of all, companies are contributing to their own downtime through everyday business processes. The growth of the IoT is putting more potential points of access into play, and many of these are poorly secured thanks to a faulty perception that a connected device is a low-value target. The device itself may be, but the network that it’s connected to is of much higher value.

Symantec’s reports were grim on this front as well; attacks on IoT devices doubled throughout 2016, and at the worst of it, there was one attack every two minutes on an IoT device. Increased movement to cloud-based systems was likewise bringing out fresh targets of opportunity for hackers.

Eternal Vigilance Is the Price of Liberty…Online

So what can be done? Proper security must be observed at every turn, even when doing so seems inconvenient or cumbersome. Furthermore, the tools to protect security must be improved; after all, tools that cause as many problems as they prevent aren’t worth using.

Tools like those found at MicroCorp can be a great start toward a process of continuous security improvement, helping users better protect systems against outside intrusion. It’s a project that requires everyone’s cooperation, from the end user to the security developer, and one that makes us all safer. For more information about how MicroCorp can help secure your business, contact us today.

Use #WannaCry to Your Advantage

Channel partners can take advantage of ransomware like #WannaCry to provide more cyber security solutions.The ransomware attack from early May that affected more than 200,000 people and computer networks in more than 150 countries is an opportunity for partners to have a conversation with their customers about security. While it may seem heartless to use a cyber attack as a sales tactic, this is more about protecting customers for the future, and making sure everyone has a backup plan.

The malware, dubbed WanaCrypt0r 2.0, or WannaCry, affected Europe the most. Companies from FedEx to Telefonica, universities to hospitals, were attacked. The pervasive nature of this most recent incident should be the kicker for partners to start checking on customers’ security strategies. Of course, there are obstacles, but there are ways to overcome them.

Something is better than nothing

More often than not, a company’s CTO will shrug off security solutions as too expensive. Small and medium-sized businesses cannot often afford the $25,000/month price tag for a soup-to-nuts solution. But partners should emphasize that customers do not need to go whole hog in order to protect themselves “just enough.” There are pieces of solutions that go for a fraction of the package price that will protect customers somewhat — and that could make or break their business.

The true cost of a breach

60% of small and medium-sized businesses are out of business within six months of a cyber attack. Further statistics show that companies spent an average of $879,582 in the aftermath of damage or theft of IT assets. And disruption to normal operations cost an average of $955,429.

Partners can show these quotes to their customers. Then they can ask the CTO if he really thinks that investing in a security solution today isn’t worth the money.

Take this most recent ransomware attack, the Target breach of 2013, and any one other of the myriad cyber attacks of the last couple of years, and present the case to customers. Now is not the time to shy away from protective technology. Emphasize that the true cost of a security breach is a customer’s entire business.

You don’t have to be the expert

Don’t let the daunting nature of security technology be the reason you leave your customers without solutions. Take the time to get with a couple of providers that have security products to find out about what the solutions are, and then you’ll be in a good place to talk to your customers about security. You can admit you are not the expert, but you work with experts, and can connect your customers. That’s where a program like MicroCorp’s Team Alliance Program comes in. The program is designed to connect partners with experts of all kinds in the channel — security is no exception.

At the very least, your customers should have a basic security assessment done. Discuss where they are vulnerable with them so they know where their risks are. From there, it is their decision about how robust they want to get with a security solution.

Putting your head in the sand isn’t going to make the risk go away. Talk to MicroCorp today about how to proceed with working with your customers on securing their businesses for the future.

Preparing for the Next Generation of Security Intelligence

Here's what channel partners need to know to provide cyber security to their clients.Are you familiar with security intelligence? If not, you should be. Here’s what you need to know about this growing data-gathering activity that will protect your digital assets from cyber criminals.

Introducing a New Kind of Intelligence

Since cyber threats continue to increase regardless of how sophisticated cybersecurity software gets, governments and businesses are turning to the next phase of defense — intelligence gathering. This solution involves collecting huge amounts of actionable information on cyber threats, then using big data tools to protect organizations from outside threats.

Time and Cost Efficiency Factors

IT teams should not go overboard chasing intelligence if it’s not helping the company. Security intelligence is meant to enhance security systems, not replace them. If a company devotes too much time and money to this data collection process, they may lose focus on what the business is really about — which is making money, not spending money. The key is to synchronize big data tools when necessary to guard against dangerous attacks.

Modern malware can hide for many weeks in a network before it initiates damage. It can be prevented using machine learning strategies that predict disasters. Detailed intelligence will help companies determine the safety of their existing protection.

Cyber Myths

Before venturing into big data collection, you should be aware that many myths surround intelligence gathering in the digital world. It’s not designed to predict presidential elections, military outcomes, or the stock market. Many people may assume too much from the word “prediction.” What this intelligence does is bring together the most relevant data on cyber threats so that analysts can quickly make determinations on avoiding disasters.

In recent years, a majority of North American and European businesses have been victimized by cyber crime in some form. As much as the government is working to crack down on cyber criminals, all it takes is one attack to wipe out a business. The Internet of Things and expanding interconnectivity of devices are creating increased vulnerabilities.

Perhaps the biggest cyber-myth of all is when companies believe that simply installing firewalls and doing routine screening for bugs will be sufficient protection against cyber threats. Adding security intelligence will help businesses gain more confidence in their protection from cyber crime moving forward.

Conclusion

Firewalls, ransomware protection, and other security solutions can be maximized when using data collection and analysis software that predicts cyber attacks. The reason governments and corporations are adding security intelligence to their systems is because they anticipate cyber crime to escalate in the coming years. Contact us to learn more about how MicroCorp can strengthen your defense against cyber crime and improve profitability.