Once upon a time, the pace of technology was measured in generations. Then it became decades. After the onset of the internet revolution and the iPhone, the measuring stick became five years, then three years. Now, ironically, looking beyond three years might cause one to be accused of being short-sighted.
The same can be said for business plans. The five- and 10-year plans, while (somewhat) still a part of the enterprise-level blueprint, are quickly evaporating. Look beyond three years, and you’re bound to be rewriting your initiatives before long.
As an offshoot of the pace of technology, the evil-doers/bad actors who deign to penetrate your clients’ businesses and valuable data are also stepping up their efforts to find those weak vulnerability points. That places the onus on security measures to hold serve and adapt, and dealers—much like their clients—must maintain a level of vigilance.
“Over the course of the last two years, IT security is something we continue to invest time in,” noted Bill McLaughlin, chief technology officer for Atlantic, Tomorrow’s Office in New York City. “You can’t stay static in that space. The criminals are constantly improving themselves, their tools and techniques. You have to make sure you’re staying on top of the technology that can help effectively mitigate your risk. Unfortunately, you can’t stop it altogether—it’s too prevalent, too constant and too sophisticated. The second you become complacent is the second you become that much more vulnerable. So it’s ongoing and continuous risk mitigation.”
Following Governance Standards
In years past, dealers such as EO Johnson would encourage their clients in unregulated industries to emulate the same IT security standards as those in the health care, legal and other sectors that are regulated and have stringent requirements regarding confidential information. According to Peter Kujawa, president of Locknet, the managed IT division of EO Johnson in Wausau, WI, unregulated industries were loath to make the financial commitment. But the prevalence of security breaches has caused an about-face in the attitude toward security spending.
“Over the last three to four years, the constant barrage of news stories regarding security incidents at larger and even smaller companies—in some cases, in local areas where our clients are located—has really put nonregulated businesses on notice that they need to be doing these things as well,” Kujawa said. “If they’re not doing them today or don’t have the capability to do them in-house, they need to outsource it. In my experience, most SMBs, even some larger companies, don’t have the in-house experience to do true security work. That is a good thing for many companies to outsource.
“We have a number of clients who we don’t do any server or desktop support for; the only thing we do is augment their internal IT team with managed security offerings.”
Another area that has grown from an awareness standpoint is the potential of security vulnerabilities on imaging devices, he added. “Our security team has worked with the imaging team at EO Johnson to help train them on best practices for secure deployments of MSPs and printers.”
Covering All Bases
So how are dealers ensuring they’re doing their part to provide a level of assurance that addresses the evolving threats? Donnellon McCarthy Enterprises (DME) of Cincinnati offers services that assist with cybersecurity resilience, according to President Jim George. By blending business continuity and enterprise resilience services, DME can create a security strategy that can respond quickly to threats and minimize the impact of an attack, allowing the client to continue to work during the intrusion.
“The most important service is having a good disaster recovery partner,” George noted. “Some of the commercialized services aren’t testing their backup regularly for clients and others won’t provide a quick recovery. Today, it is all about partnering. We look for proactive partners that are staffed for managing attacks and are doing the right things to prevent issues. As we help our clients avoid issues, our partners are making sure that we are staying ahead of the next threat. Constant evaluation of new services and security software is important.”
George added that clients need to be educated about available solutions. DME offers cyber threat monitoring, assessments and endpoint management. Covering the fundamentals—improving password security, user awareness and user behavior—is critical, and George is closely monitoring the concept of identity governance as another opportunity for DME.