SpireTech Blog - Category: Managed Services
Blog posts for SpireTech Managed Services Provider (MSP) and business IT support services in Portland, OR.
We’re starting to hear from clients and insurance brokers that cyber insurance costs are on the rise, in some cases up to 200%. Of course, this comes with insurers cracking down on IT controls – making sure their insureds are operating as securely as possible.
Clients can expect increased scrutiny over their application or renewal. The length of the questionnaires vary greatly, but at a minimum, insurers will ask about and want to see the following things in place:
- Multi-factor authentication across all systems and accounts including email, remote access, vendor access, VPN’s, SAAS/cloud applications, etc.
- An enterprise-grade endpoint protection solution (antivirus and malware).
- Employee security awareness training, including phishing training.
- Email spam and phish filtering software.
- No end-of-life software.
- Closed remote access ports, including remote desktop protocol (RDP).
- Security patches applied in a timely manner.
- Offsite, tested, and monitored backups that are not accessible from your network.
Clients that implement all security best practices and tools will likely face lower Cyber insurance costs, easier renewals, and enjoy the benefits of increased security. Read more...
By now we hope that our clients understand that IT security is never “done”. It is a constantly evolving and maturing process involving additional tools, training, and knowledge. This image shows the journey many clients are on with us to improve and mature the security posture of your organizations. Some of you fall in different places on this journey – do you know where your company sits?
As mentioned in the previous article, we are now including Huntress threat hunting in our VIPSupport managed services packages. We are referring to the current iteration of our managed services plan as “version 3.5” or “v3.5”. We encourage all clients to be on at least v3.5 or better for security purposes.
This is an evolutionary journey, and some clients are hesitant to increase expense to further limit risk by implementing additional security services. Limiting the “included” security features, while we feel it is important, helps keep the base price affordable for cost-sensitive clients. Read more...
Moving forward in 2022 SpireTech VIPSupport managed services package renewals will have Huntress included in the base package.
Huntress is specialized Managed Detection and response software backed by humans that looks for persistent footholds, backdoors, and other sorts of malware that anti-virus technology misses. When we tested huntress on over 1000 computers, we found that 2% of those systems contained things that conventional anti-virus software missed, the most common problem was banking trojans – lying in wait to steal bank passwords.
Each threat detected gets analyzed by their ThreatOps team, a remediation plan is developed, and put into action – usually without needing any disruption of the person working. If ransomware is detected, Huntress will isolate the system from the internet and network to prevent spread.
Five Essential Steps You Should Be Following to Protect Your Business
Cybersecurity threats are an ongoing issue for various industries from medical practices to architecture and engineering firms. Unfortunately, the consequences can often be disastrous, leading to breaches in confidential data or sensitive client information.
These cyber security threats are alarming and the data is clear:
A new study found that 22.8 million people were affected by healthcare security breaches in the first half of 2021.
During the first half of 2021 the number of breaches reported to the U.S. Dept of Health and Human Services Office for Civil Rights rose by 27%.
Cybercrime is slated to cause as much as $6 trillion in damages this year around the globe.
So how can you protect your business from these cybersecurity threats? By providing adequate training for all employees and ironclad security measures to protect all clients.
Foundational Security Training for Every Employee
The greatest security threat to any business is actually a minor mistake made by an employee that could result in a breach or attack. Read more...
Some of our employees just returned from a training session in Denver, CO – the first time we’ve attended such an event in person since Early 2020. Most of the discussion revolved around security and the persistent threat of ransomware.
We heard first-hand experiences from others that have been the victim of ransomware attacks. Ransomware is devastating to any business, and is certainly top of mind for us. While our basic managed services package includes Sophos Intercept X, which does well at stopping ransomware, we need to do more. Behind the scenes, we’ve been taking actions to increase our security posture and better protect our clients. In the coming months, we’ll be introducing additional security services to help keep our clients safe and secure – while at the same time increasing our readiness in case of an incident.
IT security is becoming more of an issue for insurance coverage, renewals, and large clients of our clients. Read more...
Microsoft has been working on this for a while, and now it’s generally available. Basically, it’s your desktop in the cloud. Instead of VPN’ing into work, or using remote desktop to control a computer at your office, you can access these resources hosted in Microsoft’s datacenters. This may simplify things for companies moving to a permanent virtual workplace, getting rid of offices, and still using legacy software or systems.
We suspect most of our clients will need the Enterprise version, and adopting this technology will require re-architecting and rethinking some of our legacy ways of computing. Of course, none of this is needed if you are already using cloud-based software or file storage such as Microsoft 365 and SharePoint – but if you have multi-user accounting systems that are on-premise, CAD systems using files off of a server, or other legacy systems – and want to move to a cloud model – this technology can simplify that transition.
Pricing depends on performance requirements – it starts around $50/mo per user for a mid-level system plus implementation and management costs. Read more...
Although SpireTech uses Kaseya software for systems management, neither SpireTech or our customers were victims of the latest headline news breach. Our response, analysis of the hack, explanation of why we were not affected, and plans moving forward are below.
Kaseya makes software for IT systems management. It is used by enterprises and managed service providers alike to streamline technician effectiveness, enabling a few technicians to manage thousands of systems at scale, including patch management, health monitoring, and providing helpdesk services. Kaseya, based in Miami Florida, is one of the largest vendors of this type of software. SpireTech has been using Kaseya software for over ten years.
We sent the following notification to VIPsupport client key contacts on Friday afternoon:
On Friday 7/2/21 at 12:48pm PT we were notified by our Remote Monitoring & Management vendor, Kaseya, of an active security incident involving their software being used to deploy ransomware, and advising us to shutdown our management server until security experts can determine the cause.
We have shutdown our server under the presumption this will protect us (and you), and are actively monitoring our Sophos Intercept-X software for indicators of compromise – and at this point, there are none.
Due to changes in policy with our vendors, we can no longer credit Microsoft 365 services for partial months or partial years. This is a change in the cost structure to us, and we are simply passing these costs on to our customers.
Reassignment of licenses are ok, but reductions in license count will not result in a credit for the current month. Clients on annual Microsoft billing may wish to consider switching to monthly because of these changes at your next renewal.
Along with many of our clients, we’re switching the entire office over to Microsoft 365 Business Voice (Teams voice). We’ve been using it on the Professional Services side of the house for nearly a year, and now the entire team will be on it. Our legacy PRI service recently reached the end of its contract, and we will be saving several hundred dollars a month as a result. The move was accelerated by some problems with our incoming line provided by Lumen (formerly Centurylink) last week. Clients calling in may have noticed some disconnects or issues reaching us during that time.
The change will take effect Wed June 9th. After this happens, you may notice some differences when calling in for support. The menu options have changed, and the queue will no longer say your place in line when holding. These settings are subject to change as we adjust to the new system and learn what works best. Read more...