MSP Blog Logo


Business Growth


Help Desk



Sales & Marketing


Empowering Your MSP Business to Grow and Prosper—One Post at a Time


Featured Post

The Ultimate Guide to Success in Managed IT Services

What are the fundamentals to building a profitable managed IT services business? Keep reading to discover the four key ingredients for success.

Read Now

Cybersecurity Simplified: 2 Questions SMBs Must Ask Themselves

Posted October 25, 2016by Scott Spiro

Cybersecurity Simplified- 2 Questions SMBs Must Ask Themselves.jpg

Named National Cyber Security Awareness Month by the Department of Homeland Security, October is a time for the whole nation to become more aware of information security. And while companies should work to increase both internal and external resilience all year long, MSPs are advised to use this period to revisit the cybersecurity conversation with clients.

Where to begin? As you know, cybersecurity encompasses everything from proper password management to encrypted data backups. Rather than overwhelm prospects and clients by detailing all of this, however, start out simple. Frame cybersecurity as a way of providing medical services for client data. Just like in medicine, there are only two classes of service: prevention and treatment. Companies must spend time and effort to either prevent criminals from accessing data or maintain operations in the event of an attack or data breach. 

1. Prevention: What Can You Do to Prevent Attacks? 

There are two concepts that are helpful to think about when considering how to prevent an attack: attack surface and extended security team.

Your attack surface is how appealing you look to an attacker. Having a large technology stack means that there are lots of potential vulnerabilities to exploit. Software that is not regularly updated can be rife with known security holes that are easy to use to gain entry to the rest of your network. Eliminating unused or little-used software keeps your attack surface small.

Your extended security team is the number of virtual eyes that are protecting your organization. Large software vendors like Microsoft® and Intuit have robust, continually active teams scouring their software for vulnerabilities to fix. If they find something serious, they immediately get to work, patching the software and shipping it out to you.

Monitoring provides the necessary information for thoughtful action. For example, if your website is defaced at 3 a.m., automated monitoring provides a way to find out about it before your customers do. For endpoint security monitoring, there are several options, from basic antivirus to more advanced intrusion detection. They cover a wide variety of price points, including many that are accessible to small- and medium-sized businesses.

2. Treatment: What Can You Do if There Is a Breach or Loss of Data?

There are two options when a company has to restore its operation after a breach: practice or delegation.

If a company decides to take the the practice route, start with documenting and practicing a recovery plan. Security incident response starts with preventing further unauthorized access and then returning your organization to its most recently uncompromised state.

Once further damage has been avoided, it is time to get back up and running. Usually that means picking a point of known integrity before a breach and restoring it. The science of restoration has grown sophisticated and powerful in recent years. Storage technology, in particular, has grown in leaps and bounds, adding simple snapshots, virtual storage, and granular backups at every level from the raw disk to the entire application.

Creating regular backups that are logically separate from your production infrastructure is the essential first step in providing business continuity. Even if attackers are able to access your data, they may not be able to retrieve offline copies or ones on a different network. Disk- and flash-based approaches slowly replace tape while giving similar benefits without requiring a separate tape infrastructure.

And if you are not diagnosing your own breaches and handling restoration, then have the phone number of a company readily available to handle all of the above.

The National Cyber Security Awareness Month ends next week, but cybersecurity is a year-round responsibility. There are always small steps that you can take to be more prepared than yesterday. Start by checking that your prevention software is up-to-date and printing out your recovery plan.


Scott Spiro is founder and CEO of Computer Solutions Group, Inc. (Inc. 5000 Honoree in 2015 and 2016), author of the Amazon Top 10 Best Seller “The Business Owner’s Guide to I.T. and All Things Digital”, and sought-after speaker. Most recently in 2015, Scott was interviewed on the CBS Evening News with Scott Pelley, the Los Angeles Times, and CBS/KCAL Channel 9 Los Angeles. He is also recurring Tech Expert on KTLA Channel 5 in LA.

RMM 101: Must-Haves for Your IT Management Solution
MSP Guide to Managed Services SLAs  [white paper]
comments powered by Disqus