Enable your business to thrive in a disruptive world

Digital Trust is a make or break for your business

In today’s digital world where most business is done online and data breaches are becoming more common, digital trust has become a valuable commodity for those companies that earn it. This phenomenon – where trust has become the currency of which businesses differentiate themselves from others – is starting to change the way businesses look at security. A report by CA Technologies, says that 86% surveyed said that security is more important to them than convenience when choosing a product or service online. What does Digital Trust mean? We do business with those whom we trust, but we do more business with those whom we trust more.

Digital trust is under attack

Unfortunately, digital trust is under attack more than ever before:

  • 300% spike in cybercrime during the COVID-19 pandemic
  • 57% of attacks are missed by traditional antivirus solutions
  • 69% of businesses spend more time managing tools than defending against the threats

Only the cyber resilient will survive and thrive. Digital transformation has not only brought new business models and opportunities, but also new vulnerabilities. Advanced threats and attacks push the security of most companies to their limits. More remote workers increase the exposure to security risks, and most organizations lack the expertise to deal with increasingly complex threats. So while businesses are becoming aware of the importance of cybersecurity, most have no idea whether they are sufficiently protected or not.

How protected is your business?

While cybercriminals can destroy your business and all you built, 83% of business owners don’t have a contingency plan for dealing with security threats. As a result, when attacks happen – even small ones – they can be incredibly costly and time-consuming.

When thinking about your cyber protection strategy, there are important questions that need to be asked. Foremost among them: Are the critical assets that power your business safeguarded? Those assets include your data, devices, and, just as important, your reputation.

Why your business should outsource your security strategy

Like most business owners, you want to focus on your core business – your drive and area of expertise likely isn’t cybersecurity.

Outsourcing your cybersecurity strategy makes sense because, if chosen properly, a managed service provider (MSP) can ensure the unique cybersecurity needs of your organization are met, enabling you and your employees to focus on the business. If they truly understand your business’s unique priorities and risk tolerances, the right MSP can keep your cybersecurity effective and as simple as possible – becoming a trusted advisor and an extension of your team. 

So, one of the most important skills of any technology partner is excellent listening skills. A managed service provider should be your trusted advisor and fit into your environment (not the other way around) to become a true partner and part of your team. By focusing on your point of view and aligning with your business goals, an MSP can build a security program specific to your business’s needs. Ensuring your organization’s cyber resilience makes it a safe, thriving environment that welcomes innovation, maximizes productivity, and is able to cultivate the digital trust of your customers.

A sound cybersecurity practice is not just technology: it’s people

Enabling cyber resilience means ensuring your business uses best-in-class technology, but it also is reinforced with people. A trusted technology partner should be an expert in providing cyber leadership. Comprehensive endpoint detection, protection, and response plans enable an MSP to help you monitor and manage all of your business’s data, applications, and systems – regardless of location. Balancing that technology with human intelligence is critical. Security awareness, training, and processes that enable your team as the first line of defense are key to thriving in today’s disruptive world.

Its time to make digital trust a top priority

Over the past year, people around the world have moved online and now conduct most of their lives digitally – whether personal or professional. For most, this shift has required increased trust from all of us. The shift to a digital world impacts your business, its brand, and the trust of your customers. Trust is a big business; loss of consumer trust can wreak havoc on your business’s brand reputation and finances.

Keeping cybersecurity as simple as possible and instilling a relationship with a trusted IT technology partner who understands your unique business requirements are key to a successful outcome in today’s disruptive world.

What GM Auto Dealers Need To Know About The New FTC Safeguards Rule

Updated March 17, 2023

Have you received notice from GM that, as a dealership you must meet the FTC Safeguards Rule by June 9th, 2023?

The FTC has stated that the Safeguards Rule applies to all businesses that control or process nonpublic personal information about consumers for whom they provide goods or services, or whose data they hold. It also applies to any business that is affiliated with another company that falls under the Safeguards Rule requirements.

What are the Safeguard Rule’s Requirements?

1. Designate a Qualified Individual to implement and supervise your information security program

This person should have significant knowledge of information security. The FTC recommends that you make sure this person has the ability to:

  • Identify possible security risks
  • Evaluate potential solutions
  • Develop policies and procedures to address those risks
  • Ensure that the policies and procedures are followed
  • Add project management and organization
  • Report clearly and concisely to the board of directors 

2. Conduct a risk assessment

The risk assessment is to be performed periodically and must be used to guide the continued updating and enforcement of your information security program. A written record of these risk assessments must be maintained.

3. Design and implement safeguards to control the risks identified. Including:

  • Implement and periodically review access controls
  • Know what you have and where you have it
  • Encrypt customer information on your system and when it’s in transit
  • Assess your apps
  • Implement multi-factor authentication for anyone accessing customer information on your system
  • Dispose of customer information securely
  • Anticipate and evaluate changes to your information system or network
  • Maintain a log of authorized users’ activity and keep an eye out for unauthorized access
  • Regularly monitor and test the effectiveness of your safeguards

Importantly, customer information is defined very broadly under the Safeguards Rule so the safest practice is to consider any information a customer provides (even simply their name) as covered customer information.

4. Train your staff

Everyone in your dealership needs to understand the importance of protecting customer data. Dealerships must implement policies and procedures to ensure employees are properly enacting and carrying out the information security program, including through security awareness training, utilizing qualified information security personnel to carry out and oversee the information security program, and keeping staff up to date on newly-identified risks or threats so that the information security program can be continuously fine-tuned and updated to address emerging risks. Staff at different levels will need different training based on role.

5. Monitor your service providers

Dealerships must ensure that service providers or third parties that have access to their customer information maintain safeguards commiserate with a dealership’s own information security program and periodically assess their level of access to such information and whether the safeguards they maintain are sufficient. Dealerships must take steps to monitor their service providers’ compliance with this rule.

6. Keep your information security program current (this must be updated yearly at a minimum)

Evaluate security programs and adjust them in light of the results of testing and monitoring. It should always be a priority to stay updated on everything that’s going on with your security systems.

7. Create a written incident response plan

A written incident response plan is a document that details how your dealership will respond if there is an unanticipated breach of your information systems or exposure of customer data. The plan should include, but is not limited to:

  • The goals of your plan
  • Guidelines for internal and external communications and information sharing regarding the incident (e.g., what to say to customers, the media, and other stakeholders)
  • Clear delineation of roles and responsibilities for decision-makers in dealing with the incident
  • An internal process for responding to an incident (e.g., determining whether or not it was caused by someone within your organization) and correcting any issue that has arisen
  • An internal process for investigating when it looks like something has happened but no one knows exactly what happened yet
  • Training materials so that everyone can learn what their role is in responding to an incident
  • A post mortem of what happened and a revision of your incident response plan and information security program based on what you learned

8. Require your Qualified Individual to report to your Board of Directors

The designated Qualified Individual must report in writing, at least annually, to the dealership’s board of directors or equivalent governing body on the status of your dealership’s information security program and compliance with the Safeguards Rule as well as material events related to information systems security and the implementation and enforcement of your information security program.

What are the consequences if the Safeguard Rule’s Requirements aren’t met by June 9th, 2023?

Failure to abide by requirements can come at a price. Companies that receive this Notice and nevertheless engage in prohibited practices can face:

  • Lengthy oversight periods or disabling access to information systems
  • Civil penalties of up to $46,517 per violation
  • Prison time of up to five years

Notices of Penalty Offenses | Federal Trade Commission (ftc.gov))

CIT Helps Your Auto Dealership Remain in Compliance with The FTC Safeguards Rule

There isn’t a DIY fix to meet these requirements. Our Cybersecurity and Managed Services teams have worked with Minnesota and Western Wisconsin GM dealerships to make sure they are ready for these requirements, and any future compliance needs. Avoid the consequences coming June 9th and contact our team today.

Technology For Business Podcast Season 1 Episode 5: Choosing an Managed Service Provider (MSP)

Kyle and Rob sat down this week to chat about choosing a Managed Service Provider (MSP). They discuss pros and cons, questions you should be asking, and how to know whether or not an MSP might be a good fit for your SMB.

Listen now

Have a question for Kyle or Rob? Email info@cit-net.com.

Episode Transcription

Transcript has been edited for clarity


Kelsey Sarff: [00:00:00] Good morning. Welcome to today’s CIT tech for business podcast. Today, we’re sitting down with Kyle and Rob to discuss what to consider when hiring an MSP. Just a little moment to introduce myself. I know this is our fifth tech for business podcast. I’m Kelsey I’m part of our marketing team, and I’m going to be asking these guys just a couple of questions, help us keep centered from all of our tangents that we love to have.

But I’m at kick it right over to you guys. Why don’t you guys give me, give us your first name, your title, and then we’ll dive right into it.

Kyle Etter: Thanks Kelsey. Um, my name is Kyle Etter. I am the President and CEO at CIT.

Rob Cramer: Hey, good morning. I’m Rob Cramer. I am the Director of Managed Services, a CIT.

Kelsey Sarff: Awesome. Thank you both.

As I kind of let us into in our intro talking about MSPs this morning, managed service providers. What are MSPs?

Rob Cramer: Well, that’s a great question, uh, to different people. Managed Service providers mean different things, but in general, a managed [00:01:00] service provider is an organization that you can call this, going to help answer, uh, computer quote questions for your users, whether that’s, um, you know, how do I install this Microsoft application?

How do I print? I’m having problems printing. Can you fix it for me? Um, sometimes it’s more important to talk about what they’re not, and we can get into that.

Kyle Etter: Yeah, I think just to add to that a little bit. So there’s an agreement typically it’s a monthly reoccurring fee. Uh, usually based on users are devices that you have, um, to support your it infrastructure.

So, as Rob mentioned is obviously there’s typically a help desk there’s technical expertise provided. By the MSP partner that you choose. And then there’s a set of tools, typically automation to help control costs as well as, as, uh, bringing in a management framework for how you manage your IT infrastructure.

So it usually provides us some software for, for management, for things [00:02:00] like patching of Microsoft patching, patching or what we call third-party applications, your web browsers, different components, um, making sure that things are up or down if the servers or firewalls are key components in your it infrastructure to automatically monitor for their status, as well as other things.

How much disc space is in used is the processor running high CPU usage, those types of things. So you have a lot of metrics and, and other things that get gathered by those tools. So very valuable, but it’s a combination of obviously, um, trained and experienced personnel plus software and services, and a monthly agreement is at a high level.

What it is. It definitely varies by the. Our a MSP on how they package it, but it’s, uh, the end of the day, that’s kind of sums up what it is.

Kelsey Sarff: Awesome. That makes [00:03:00] sense. It’s still a lot of things, right, right out of the gate that you’re like, we can do this for you. Congratulations. And some of these are going to have acronyms, just like the name of it.

Um, but you guys briefly mentioned it, right? These are all of the things that MSP can do. Kind of made my brain go – are our MSPs just local companies, or can they be bigger organizations that tend to have more outsourcing? What’s kind of the range of where you can find MSPs and where they’re local.

Rob Cramer: You can find them everywhere.

Um, you got any of those peas that are, that are anything from a, from a one or two-person company that, that support, uh, you know, small groups within their area, uh, to very large national organizations that have, uh, thousands of engineers spread across the world. And the trick is finding the one that’s the right fit for you.

Uh, you know, somebody who’s going to be, uh, well suited to your organization who can really partner with you, learn your, your ins and outs of your, your unique, uh, environment, um, and help support you on that. So, um, [00:04:00] smaller, large, uh, you know, there are advantages in both directions, uh, finding the right fit is really what’s.

Kelsey Sarff: No, that makes perfect sense and launches right into my next question. How do you find one with all of those options out there?

Rob Cramer: That’s a great question. Um, you know, I, I guess I’d start off with, uh, you know, looking at, uh, some of the common options asking friends or colleagues, you know, who they’ve worked with, if they have any recommendations, cause find somebody, uh, you know, that, that somebody else has wanted to recommend usually is a good indicator.

That they’re, they’re a solid company that they’re gonna be. Do a good job supporting your environment, um, you know, going to Google and just typing in a search and just randomly calling somebody, you don’t know what you’re going to get. You could be getting a, you know, a one-person shop out of, uh, out of 10 book to, uh, and they don’t know, you know, your environment, they don’t know, you know, your, your industry.

Um, and when they go on vacation, you still lose your support. So, you know, sometimes you’re looking for that organization is just the right size that they have enough engineers. When somebody is on vacation, you still get to call and you still get to talk. Somebody [00:05:00] still get support. But they’re not so big that you’re just a, you know, a, um, you know, a small fish in a big pond, if you will, that, uh, that they don’t really know anything about you, they don’t learn your environment.

You’re just, you know, it’s just another person calling you. You could just be, as we’ll be calling, uh, you know, a manufacturer someplace and talking to a help desk in India, you don’t, you don’t really know. Right. Finding that right organization, um, asking around, asking, like I said, asking your peers, asking the other organizations in your industry, uh, if they’re using a master spider who they’ve used and who they like, uh, is probably one of your, your really strong indicators of a good place to start.

Kyle Etter: Yeah. That’s what I was going to say too. I think, I think the referral side is always a strong aspect. Um, you know, as as mentioned, there are national ones. You know, being a local provider, can it be slanted towards believing? There’s a lot of value in, in the local, uh, provider, just because. From what we’ve seen over the years, just being remote, um, is not enough.

You know, there is [00:06:00] definitely times, you know, you need to be onsite and you want to be onsite. Do you want to make the connection? It’s, it’s, it’s gonna there’s things you would need to do to keep upgrading on the systems and other components. And it’s just, um, you know, nearly impossible to just, you can’t do it all.

Um, it just, um, if you have onsite support to handle those things and you just need some augmentative, then possibly, you know, a national provider, could it fill the need for you, but, um, in many cases where you’re truly looking for, you know, an it partner that can be more holistic. And usually we find from, for the customers we work with, you know, the intention or the expectation is, is that they’re looking for, you know, Onsite remote, you know, the whole, the whole gamut, you know, the whole end game is to say they want it working, um, and keep the systems, keep their users productive.

And, um, you know, quite often, you know, a local provider I think provides a little more closer relationship, closer [00:07:00] alignment with what the customers are actually expecting.

Kelsey Sarff: Perfect. Oh, sorry,

Rob Cramer: nah, go ahead. Well, I just asked you add a little bit to that. Comics excellent point. And that is, uh, you know, managed service providers, uh, as, as we are, um, we gather a ton of data.

We learn a lot about the customer’s environment. Um, and one of the things that that lends itself to is really looking towards the future. And as we move forward, you know, what’s going to be the best fit for the order for the customer in the future. Do they need to be looking at a specific type of technology or, or something, you know, that’s coming down the line, or do we need to make some changes to their system to optimize it?

Having that holistic coverage, where you actually have engineers who can come onsite and can have that hands-on expertise for you. Um, really kind of fills out that managed service, a service desk environment and allows you to kind of have the other side of it. So if you don’t have that local it presence and you, and you, you need that kind of help, uh, looking for a provider that [00:08:00] has kind of that full packages is going to be variable.

Kelsey Sarff: Yeah, that makes perfect sense. Just really, really quickly that kind of brought up the question, right. That I say I’m the customer. And of course in today’s world I’m hybrid, or a lot of my workers are remote and yes, it’s great to have somebody on site, but how does that work? Let’s say that I have right employees that are all working from their homes, somebody in Hawaii, somebody here would a local MSP still be able to provide the support that.

Rob Cramer: Yeah, actually, uh, very, very effectively. And, um, if you’re the type organization who may have a local network administrator, um, with an organization like. Ours will give you access to the tools. So you can actually use our tools to help support your remote users wherever they have to be. Um, so just like we use it to help promote in and shadow somebody to screen and, and solve a problem.

Uh, look like an IT person could use that same tool to do that work as well. So yeah, it is very effective. Um, having the knowledge of the organization, uh, learning about their unique software and applications and [00:09:00] how their users need to phone. Um, really is, is more critical than where they’re sitting.

Uh, you know, when, when the pandemic hit, we saw this, this mass migration to this hybrid environment, um, and those organizations who had, uh, some pre-planning for that who had some users who traveled in time had some, uh, ability to work remotely, uh, actually were able to make that transition very easy.

And organizations that are fairly static, very in-house. Um, they had to scramble a bit, and they had to lean pretty heavily on people like, uh, like their main service provider to help them figure out how to get their users out to the house and still be able to do what they need to do. And, um, it was a, it was a very interesting time to see how different organizations reacted to that.

Kyle Etter: Yeah. Yeah. Very, very much so. And I also think that you know, the tools themselves give such. Ease of access to get to those devices, but you know, to have a local provider that can prep those devices and has them sent to those remote workers when [00:10:00] they are ready for upgrades, you know, we see a lot of synergies and a lot of value in that as well.

Um, just the consistency of the support provider to understand the nuances that everybody’s, it systems has. Nothing is a one size fits all. It never is. They’re never the same. So. You know, the, the way that they prefer to have their devices set up and what the user’s expectation is of the workstation, when they receive it, you know, needs to be planned out a quarterly.

So when you send it to that remote worker, you don’t want them to be as productive, as fast as possible. Um, and we find a lot of synergy and, you know, the pre prep, pre imaging, um, even with cloud connected desktops and Azure ID and those things, you know, you want to go through. Prep on those devices too, before they go to the users.

And I think a national provider, a very difficult time executing.

Kelsey Sarff: I smell a future podcast coming there about prepping devices, [00:11:00] 30 minute discussion. So yes, we’ll like tuck that one in our pocket for a future one. Um, but let’s say that I am a customer. I have X number of employees. Is there a certain number of employees that when I’m interviewing an MSP?

I should say yes. You’re going to be a good fit or no, I’m either too big for you or you’re too big for me. Do you guys tend to come across that when talking to people.

Rob Cramer: You know, Kyle can speak a little bit to that probably more than I can as he’s in a lot of those pre-meetings. But, uh, if I look at the kind of customers that we have, um, we have a lot of customers from very small, um, you know, five, 10 users, um, all the way up to, you know, to several hundred users.

Um, so, so does that mean that that one size fits all? No, but, but there is a point I think you will find. Um, that you need to know the organization you’re partnering with has the backend infrastructure and capacity to handle, uh, the, the types of issues you’re going to [00:12:00] have. Um, did they have the training and stuff you need?

Um, a lot of the larger organizations will tend to get a little bit more complex. They may very well have, um, a more advanced environment. Uh, and, and if you’re working with an MSP, that’s a. Um, a little on the smaller side, they may not have the breadth of experience and knowledge that you’re looking for.

So, yeah, it is an important question to ask. Um, does that mean that one organization can’t service both? No, uh, as I said, we, we have many customers that kind of span the, the environment size. Would I want to take on a, you know, 10,000 user organization? I don’t think I’d be ready for that. You know, I, I think I’d have questioned whether or not we have the capacity to handle the number of calls and stuff, but, um, that doesn’t mean it’s not possible.

It really depends on the environment, and what their expectations are.

Kyle Etter: Yeah, I think it’s a no again, there is no one size fits all on this side of it. It’s how it’s the role the MSP provides, um, can be adjusted accordingly. Um, the smaller [00:13:00] organizations Rob said once you’re, you know, you’re typically less than, uh, you know, 50 full-time employees, you know, an MSP essentially could be your it department.

You know, they, they handle the onsite. They provide the remote help desk. They manage the systems, they do the upgrades, and they handle everything. As you start to get larger. Um, and definitely, uh, more than a hundred plus users, typically you start to see a need for an onsite. It person, somebody within the organization that is now a full-time employee, but the MSP is augmentative.

They handle projects, they handle, you know, keeping an eye on the systems. 24 7, they provide the management platform. That resource uses, um, as an augmentative side of it, but then that employee is more focused on the users, um, for the customer’s productivity, as well as their data, their systems, their line of business applications.

As you get bigger, those become complex. I know we might [00:14:00] talk a little bit about this. Let’s go through there is where it’s a struggle for an MSP is once you get into that internal line of business systems MSPs, we can’t go that deep into the organization side of it. It’s a more, you know, um, higher level.

It support for the functional. Now, the desktops and the patching and the health of the networks and the security of the systems and those things. But once you get into that data, you know, having somebody onsite who really understands that keeps the users okay. Comes very productive and most larger employees.

That’s where it really starts to, to be a need, but an MSP can provide a tremendous augmented. Consistent support that has, you know, for, for us, we’re 24 by seven. I know there are other MSPs around. So looking for those that you have somebody on glass, you know, around the clock that can, you know, give you a call.

If the system’s reporting offline, they can potentially take to make sure things are patched to give you the management platform to manage it. There’s a tremendous value in that. That [00:15:00] again, having somebody internally to try to build that themselves just takes them away from the core business, um, because the MSPs do a very, very good job of that.

It’s what they’re purpose built for.

Rob Cramer: Kyle’s point there, you know, we’re, we’re not going to know a lot of those line of business applications. However, for some of our customers who were kind of in that in-between category, they don’t have a local it person, but they have kind of a unique application.

Um, we proxy that we will call the vendor on their behalf. We’ll get the tickets set up and we’ll, we’ll work with the user to try and solve that problem. We don’t necessarily have that expertise, but. Broker the connection and help translate for you for the person on the technical side, uh, to the business side.

Uh, so, um, you know, we can act as kind of the intermediary for those calls as well. When we. Good point.

Kelsey Sarff: Perfect. I was going to say two things first. Can you give an example of some of those line of business applications, which ones are easier to practice proxy with? Which ones are maybe a red flag to be [00:16:00] like, Hey, you’re going to have to use their support.

Well, that’s kind of a grab bag, but just if somebody was like, how do I look at my applications and know whether this is going to be a problem child at work it’s…

Kyle Etter: fairly easy.

Um, a lot of those, you know, accounting for any of your counties. And so it kind of falls in the ERP side of it. Do you want it to get into those things? Um, I won’t name anyone by naming the ones. Um, and obviously some things that are custom-built side with it. Um, and even some of it is just the data workflow that some organizations have evolved into how they’re using, you know, your Word and Excel documents, their files share structure.

Companies have evolved over the decades of, of how they’re using just, you know, uh, unstructured data that just sits on a file share within it. Um, in very unique ways, ran into those things and they have very unique processes with all the print and share and execute a [00:17:00] workflow within their business side of it.

So, um, you know, it could be very far-reaching, uh, and for an MSP to walk in the door and just have, you know, Th there’s no magic sauce to just say, boom, we get it. We understand everything. There’s it, it takes, you know, it takes time and certainly to go deeper into those things. Again, we have to rely on the vendors or somebody onsite to champion those products so that we can make sure that the systems are operational and healthy, and available.

Up to the point of, then once it’s in the application, it gets much more complex, but that just requires a lot of collaboration and making sure that you’re talking, which I think circles back. I think the importance of the local, because you need that regular cadence and communication to keep everybody on the same page, just as you would, if they were internal, you need to make sure that the teams are talking, whether they’re external, not, you gotta have.

And [00:18:00] that’s definitely what we’ve seen over the years is just that they need to w when we’ve seen things start to become problematic between our services and the customer increasing the cadence between our managed team and the customers’ teams. Resolve those challenges, whether we go to a weekly call and then make sure things are quieted down because some system upgrade went through, there’s a spike in calls.

Users are upset. The customer comes upset and starts talking more or accuracy things start to get back on track. People are collaborating better, and then you start to move forward. So it’s not that much different than what you do internally between departments things aren’t working. You got to get people meeting.

To resolve things. And that’s, you got to look at your MSP, and that way it kind of extension to say they don’t have a crystal ball. They’re not going to feel walk in and see things under, you know, behind the curtain. So you gotta, you gotta get people talking.[00:19:00]

Rob Cramer: Uh, one of the things that came out of college that came to my mind was, um, uh, you know, we talked about the calls and the Cades and stuff with the customer, um, to be clear, it’s not always an IT person. We’re talking to the customer when, when we’re talking about those applications, that who’s, that point of contact is for the, for the, um, the line of business application.

Sometimes that is the. The accounting person, sometimes that is the office administrator, but they have the knowledge that local application that, that there is interface locally on-site for that support. Uh, when we’re, when we’re troubleshooting.

Kelsey Sarff: No, that all makes perfect sense. And I know it can be, right, a whole deep dark hole of it’s hard within 30 minutes to say, “Hey, here’s all of the things that you can look at.” But in that vein, if you had to really high level say I have a business, I’m looking at MSP. When would an MSP maybe not be the best fit and when should I maybe look to hire somebody internal

Rob Cramer: boy, that’s a tough question.

Um, [00:20:00] There are a lot of different things. I think that play into that. First of all, um, you know, what’s your technology environment like today? Um, is it fairly stable? Is it, um, is it functioning and providing the resources you need to do, your business moving forward? If it’s just kind of hanging on, buy, buy, buy, buy a shred of life.

And it’s kind of about to die. That may not be an indication you want an MSP, but rather just a technology part of it can come in and help you kind of bring some new life into that. Get it up to upgrade it, get it stable. Um, and then to maintain it going forward. You would want to look to an MSP, somebody who can help you, um, as you look to the future to make sure that things are again, patching it, that they’re healthy, that you’ve got, you know, good, uh, security in place.

Um, and then as new things come around and we understand your business, we should be able to work with you during things like quarterly business reviews to say. Here are some things you should be playing for. Did you know that Microsoft server 2012 R two [00:21:00] goes into life and in October of 2023, we should be planning an upgrade?

We should be looking to make sure that we’re staying ahead of this so that we can do it in a controlled manner and not get blindsided all of a sudden and have to scramble because that’s always going to put you in a bad situation. So, um, if you’re, if you’re in a good situation today, and you’re just looking for that, that help, that, that kind of, that, that security and that, that support to keep things.

It’s a great time to start talking to an MSP. Um, if you’ve got to look like an IT person and you go, you know what, this person’s going to be out for a period of time, they’re gonna take some vacation. They want it, they want it. Some, you know, they have a personal life too. They can’t always be available. I need somebody to help them to augment them.

That’s another great reason to look for an MSP. Um, you know, we’re not there to replace that IT person, we’re there to be their partner to be their henchmen, if you will to help them keep that environment working. If coming to an MSP and saying, Hey, my environment’s a complete mess.

I need somebody straight into that. Somebody who’s holistic. Like, like [00:22:00] we are, we can work with you. We can work with your environment. We can get you upgraded and then transition that into our maintenance and support and managed services. So there are a lot of different things that can play into that.

Um, is there one right time for every company now that you kind of gotta look at it and say, what are my needs? Uh, am I, am I growing to the point where I don’t know how to keep this functioning? I don’t know what the future holds. I need some, some advice then it’s probably a good time to talk.

Kyle Etter: Yeah. Yeah.

I think it’s very far-reaching, but I think Rob makes a very good point. What I’ve seen from customers. If, if, if they’re, if you’re looking at the MSP and you’re thinking it’s there, they’re going to go into that managed service contract is going to alleviate all your IP problems and you have a lot of it problems that are not going to be the fixed.

You know, Y you, you may have had somebody else managing the, it, whether it’s another managed service provider, or it was somebody internal or an independent contractor. If the IT budget wasn’t realistic if you were not [00:23:00] investing in the correct IT infrastructure. And that is the reason for the issues, just switching to another provider or bringing an MSP.

And there was not. That by itself, fix it. You’re going to have to, you know, allow for, and have strategic conversations to make sure that you’re investing in the IT infrastructure to make it work right. The customers that we work with. Uh, continuing to invest in drive the most value out of it. Invest in there.

It, it, it, it is not inexpensive. It’s not something that needs to be managed for the least cost possible. That has never been a successful model. I’ve done this for over 30 years. The customers with the least cost is never proven successful. I’ve never seen it. Um, why there can be some costs. Benefits of the MSP side of it.

Again, we mentioned some of those on providing the platform, providing the augmentation, providing those things. That’s just working smarter and using, you know, people in their right [00:24:00] seats to drive the most value out of your IT spend. And, you know, it can definitely be done in those customers that we engage with that do that, you know, there’s tremendous synergy and they really drive their it systems and we see them actually produce better results for their customers in that.

The end goal, you know, and that works. It looks tremendous side of it. So, you know, take a close look. My advice is to make sure you have a realistic budget for this.

Rob Cramer: Technology is a tool it’s a tool to use in your business to help your business, to move forward, and to service your customers. And just like any tool, you gotta take care of it.

If you don’t take care of the tool, it’s going to fail you when you need it. The most.

Kelsey Sarff: No, that makes perfect sense. Right? There are all of these tools, all of these options, and just kind of wrapping it up for today’s discussion, because I feel like we could probably turn this into a whole series of, I could go on so many changes.

It’s about all of these things, but let’s say that I am looking at somebody and I’m looking at their tool set, and I’m looking at all of the in-house services beyond, right. You go to the MSP website and they’re like, we can do printing and we can do [00:25:00] all of this and your brain goes, do I need all of that? And again, I’m sure it’s custom to the customer, but is there something that if you were looking at the checklist and you were being like, okay, what are some of the kind of differentiators between MSPs that are maybe red flags or things that you’re like a pro tip?

That’s a great thing to have.

Rob Cramer: I think in, in this, um, in this current, uh, environment that we all live in, um, uh, any provider that you’ve partnered with, any MSP that you look at, uh, really should have a strong security focus. You want somebody who’s going to be looking out for your environment to make sure that we’re doing the right things, to keep you as secure as possible.

Um, that, so their tools should reflect that. So if they’re not using, um, current tools, things like an in-point detection response, or what’s called EDR. Um, you know, traditional antivirus is fine, but EDR is really, um, you know, uh, an important factor for securing those endpoints. Um, and again, it’s really the recommendation that, that I would expect most MSPs to be making to their customers today.

So [00:26:00] looking for a customer for an MSP company that has a strong focus on keeping your environment secure, as well as being able to support you, um, around the clock when your business needs it. Uh, I think those are some of the key factors that you should be doing.

Kyle Etter: Yeah. I, I think having the managed service provider, having security trained personnel on staff is also, you know, in 2022 and incredibly important.

Um, you know, just because nobody has a good us security incident, free card, it seems there’s a lot of things that come through there and having, you know, experts to go through those things. And. I think it’s an important point. Not all MSPs are equal. I know when you see the proposals that look very static, we all present very similar things in a little different manner, but it can be confusing, you know, ask about how the.

Oh, they secure their systems. Ask how their staff handle these after hours? How do they handle a [00:27:00] security incident? If it were to occur, what would they do? Um, you know, I vet those out. Um, if, if they’re too small for your needs side of it, you’re going to find a pretty large gap there.

And that’s going to be, you know, strenuous on, uh, in a critical situation to make it worse. You know, and ask how they approach the IT budgeting side of it. As another thing, as we just talked about that side of it, do they help with having realistic budgets that are strategic and aligned with the business?

So you have predictive spend as much as possible with this. That brings in the security, uh, and investment sides of those and the operational budget and just the overall support of the systems. How do they account for it? How do they do it? And then how do they secure the systems? Because MSPs, in this side of it, we all know that we’re under, you know, under the scope of the, of the, of the threat actors to come after, because there’s, you know, we have access to system sides of that.

So [00:28:00] if your MSP is not. You know, you’re opening yourself up for an issue there as well. So just stuff that you want to definitely ask to make sure that they have things covered. Um, we’re a SOC two type two. We went through that certification. We invest in a tremendous amount of tools, sides of those.

The EDR Rob mentioned is, you know, definitely one thing we, we rolled in early last year side of that, into the platform side of it, because you need to keep evolving these. It’s well beyond just patching and the ability to remote control and 22 is what you want your MSP to be.

Rob Cramer: That sounds like it routes up really well. I’ve not got a lot more to say on that topic.

Kelsey Sarff: Like, and that’s the cherry on top, and no, as I’ve mentioned on this one, I feel like we could talk with both of you and multiple different series. I’m hoping that this sparks good questions for people where people are like, “what did you mean by that?”

And that we can turn it into a whole other series, but thank you both for [00:29:00] sitting down today, what is an MSP? All for good things, but how do people get in contact with us, if they do have those questions, they can. It’s info@cit-net.com or they can head on out to our podcast page, which is cit-net.com/podcast.

There’s a form on there. You can send us an email, or call us. These guys love to talk. If you haven’t caught on by now five episodes. And we’re like, yeah, we can talk all the time. We just keep ourselves on a timer for these. So we’re going to be back next week with another episode, but thank you both so much for joining another tech for business podcast.

CIT is moving to a new Remote Monitoring and Management (RMM) tool!

CIT is moving to a new Remote Monitoring and Management (RMM) tool!

What we’ve been using:

CIT has been using ConnectWise Automate as our RMM tool paired with ConnectWise Control for the remote screen share function. This has served us well for the past couple of years, but we are on track to outgrow the performance and capabilities of the current RMM tool.

What we are moving to:

We are moving to a more modern ConnectWise product – ConnectWise RMM. This new tool will still use ConnectWise Control for the remote screen share function. This means you and your end users will still have a familiar support process. This new RMM tool will provide greater performance, stability, and room for growth. It is based on a modern architecture that will enable future features that would not be possible with our current RMM tool.

We will begin deploying ConnectWise RMM agents alongside our existing Automate agents. This ensures all currently supported devices are available in the new tool before removing them from the existing agent.

What to expect:

For most, nothing will look different. For the end user’s computers there will be a period when (2) CIT Icons will be in the Windows System tray. We will move all Operating System (OS) Patching to the new tool along with notifications and alerts. We will turn these functions off in Automate at that time so only one tool is controlling them. After we confirm everything is working in the new tool, we will remove the Automate agent.

Changes to workstation patching:

With our new RMM tool, we will download and install approved patches to all Windows workstation devices as soon as they are tested and approved by the ConnectWise Network Operations Center (NOC). To complete the patching there will be an after-hours scheduled reboot. This is the best practice recommendation to ensure devices are patched with the monthly Microsoft quality updates. Only the Workstations are changing to the new installation process.

Server patching will remain on Saturday mornings between 12am and 4am with a reboot during that time to complete the patches. If you have a custom server patch time window currently, we will be mirroring those with our new RMM tool. This means your servers will continue to have the same patch windows as they do today.

When is this change happening?

Our CIT Services team will work with you to schedule installing ConnectWise RMM and removing ConnectWise Automate. Please email support@cit-net.com or contact your Account Manager if you have any questions or concerns.

Managed Service Feedback and Why it’s Important

Managed Service Feedback and Why it’s Important

What is Managed Services Feedback? 

After your ticket is closed by a Managed Services Engineer, you will receive an email asking for your feedback.  The feedback asks one question “How did we do on this request?” It provides you with three faces to choose from and an ability to add comments if you want but is not required.

Why is the feedback so important? 

We love hearing from you, the customer, on how your experience was on your ticket.  This feedback is used to better your experience with CIT and the Managed Services Team.

How are we utilizing your feedback? 

This is used to create and update policies and procedures. It is also used to reflect on how our engineers are doing.  All feedback is reviewed by the Managed Services Leadership Team and the engineer you worked with.

When is it important to provide feedback?  

All feedback is beneficial to our team and the improvement of Managed Services. We especially like to hear when you are satisfied with your support or when you feel there are improvements to be made.

Feedback is by far the most important thing you can do to help us best support you.  We strongly believe some of the best conversations with customers come from these feedback calls. A member of the Managed Service Leadership Team will call on all neutral and negative feedback. This gives us an opportunity to work together to understand what happened and how to make changes moving forward. We understand that everyone is busy, but we greatly value this form of communication and love to hear from you.

Thank You,

Manage Services Leadership Team

Born and Raised in Minnesota

Born and Raised in Minnesota

Driving along Interstate 90 in Southern Minnesota is probably one of the less scenic drives of your life. Yes, there’s corn, oh and soybeans, and maybe a windmill or two. It’s all different kinds of green. As you cruise west from Albert Lea (definitely not speeding) you’ll come across Sherburn, MN. It’s got the quintessential Minnesota small-town vibe. Yes, that includes the gas station that serves as the one-stop shop for the town. Where that bright and shiny station now stands once was a family restaurant. In the basement of that restaurant is where our CEO & President, Kyle Etter, got his start.

As we look forward to our new location in Rochester, MN we also look back to why southern Minnesota? Well, because southern Minnesota shaped Kyle’s values and passions. Before he was deep in the technology trenches, he washed dishes at his parent’s restaurant – starting at the age of 8.

While, yes, it means that he has a work ethic that puts most of us that are heavily caffeinated to shame (although you rarely see him without a source of caffeine…) the emphasis was on connecting with those who came in and being an integral part of the community. That feeling of being somewhere where everyone knows your name (bonus points if you just say that.) Feeling acknowledged and important, checking in, and staying after the food was gone to enjoy the company. Just spend an afternoon with Kyle’s dad, Bill – he can tell you to this day the details of who ran what business in town and what was going on in someone’s life or who was getting into trouble. Getting to know someone on that deep, personal level is something that we’ve seen Kyle bring to Computer Integration Technologies, Inc., (CIT). Ask him about any customer’s network – he can not only tell you every in and out, but he can also tell you about those business owners and what makes them great.

Being part of a small business was not new to the Etter family. Those stories about small towns where everyone knows everyone and all the businesses are run by those neighbors? That’s where Kyle’s beginnings come from. His grandparents owned the hotel, restaurant, and dress shop in Madelia, MN, and cybersecurity wasn’t even a thought in anyone’s brain. While technology has evolved, the core values of small businesses and the hardworking people behind them are much the same.

When Kyle became the CEO & President in 2020 (after starting in 1992 at CIT as a tech) the first initiative with leadership was to establish core values – People, Passion, Integrity, Culture, and Solutions.

In today’s business landscape IT companies can feel like Starbucks in Seattle – one on every street. So when Kyle set the plan in motion for CIT to expand he went with a community that reminded him of his upbringing. The cornfields, the small businesses where everyone knows your name, and yes, Interstate 90. Rochester is a community that is so unique and yet has retained its small-town values. You still get to feel connected and keep up with what is going on with the other local businesses. You still have the amazing locally owned and run business, and we are honored to have a new location in an incredible community.

Join Kyle on September 30th from 9 am-5 pm at our Rochester Open House.

Can’t make it? We’d love to connect with you 507.513.7810

Cybersecurity for the Small Business

Cybersecurity for the Small Business

Cybersecurity for the Small Business

Last year in the United States there were 65,000 ransomware attacks- over 7 per hour- and experts say it will most likely get worse before it gets better. In a study conducted in 2020 by Cloudwards, over 51% of businesses were hit by ransomware in 2020, and the estimate for 2021 is every 11 seconds a company will get hit.

The White House warned American businesses last week they should be taking urgent security measures to protect against these attacks, as most companies are ill-equipped to afford the disruption to their business or paying the ransom outright. 2019 saw a sharp increase in the cost of a ransomware attack, up from $6,000 in 2018 to $84,000 by the end of the year. These costs neglect to factor in things like lost opportunities, reduced production, rebuilding infrastructure after an attack, and loss of reputation.

With ransomware impacting large companies and government resources, what are smaller businesses to do to help protect themselves? All is not lost and there are several ways small to medium-sized businesses can help secure their networks.

Use a VPN and review firewall rules

Your firewall is the first line of defense to your network, make sure your company is using a VPN client for remote connections and review the access rules at minimum once a year to ensure only desired traffic is allowed in.

Apply multi-factor authentication whenever possible

Multifactor (MFA) or two-factor (2FA) authentication takes passwords to the next level. Instead of just relying on a username and password (something you know), now a token (something you have) is also applied to accounts to keep them safe from phishing or brute-force attacks. MFA or 2FA should be applied everywhere possible, including your VPN and email accounts.

Keep systems up to date

Apply vendor patches as soon as they are released and have been tested to prevent recent exploits from targeting your systems. Maintain a regular patch cycle and always apply emergent releases as soon as feasibly possible.

Backup systems off-site

One tactic ransomware threat actors will deploy is deleting backups before encrypting files. Having daily backups that are stored off-site and encrypted with a password not used anywhere else on the network can help reduce that possibility. Be sure to check backups regularly to ensure you could revert to them if needed.

Get additional visibility

You can’t protect what you can’t detect. Having a security toolset like a Security Information and Event Management (SIEM) solution provides additional visibility and can aggregate information from network devices such as firewalls, switches, endpoint detection, and cloud activity in a single pane of glass that is easy to review. A basic SIEM solution doesn’t have to break the bank but can offer valuable visibility into how all the parts and pieces of the network work together and highlight if and when a breakdown occurs.

Many companies have been increasingly turning to cyber insurance to help with incidents -but many industry experts are now discouraging payments as they only fuel further nefarious behavior. One insurance company in France, among Europe’s top five insurers, has stated they will no longer reimburse their customers for extortion payments made to ransomware criminals.

Make sure you secure your network to prevent your company from becoming a statistic, and please do not hesitate to reach out if you need any assistance. We offer a no-cost Gap Analysis to help you review your current state of business as well as offer suggestions as to what your company is doing right and what your company could improve on to increase your security posture and stance.

https://www.npr.org/2021/06/09/1004684788/u-s-suffers-over-7-ransomware-attacks-an-hour-its-now-a-national-security-risk

https://www.insurancejournal.com/news/international/2021/05/09/613255.htm

What is Managed Services?

What is Managed Services?

In the past 5 years the Google search “What is Managed Services?” has steadily been on the rise. Is it something in healthcare? A technology concierge? Andrew, our Managed Services Sales Engineer, sat down to give us a little clarity on the subject.

Ever since computers were invented, people needed to support them. These IT professionals needed to be sitting in front of the computer to solve the issue. As technology has processed, so have the tools to support that technology. Thanks to a complete Managed Services toolset, IT professionals can work on different issues on devices in multiple locations from one spot.

Managed Services (MS) has been able to consolidate and automate many of the tasks IT professionals used to perform manually.

MS is usually provided through a program installed on computers called an agent. The agent performs many active tasks like Windows update patching, anti-virus (AV) installation, and updates, providing a security support tunnel, and scheduled reboots. The agent generates alerts for devices that information IT pros if there is an issue with the device.

The toolset is not only limited to workstations and servers. MS includes everything from security monitoring and prevention, backup monitoring and disaster recovery solutions, password management systems, network device monitoring, and more!

Managed services aren’t just for big businesses with thousands of devices. MS can be implemented in any size organization, and with a full staff of IT professionals, MS providers can provide a full outsourced IT solution.

Andrew is currently our Managed Services Sales Engineer. He has been working in the IT industry for over 10 years and joined the CIT t team in 2016. When not working on IT, Andrew spends time with his wife and son in beautiful River Falls, WI.

How Can I Recover Lost Data? Your Guide to Data Recovery

How Can I Recover Lost Data? Your Guide to Data Recovery

We’ve all been there – the moment you hit delete and the panic sets in. Data protection is a key component of IT and can be simple with the right solution. Many times the focus of the protection is to just have a backup but the real focus should be on the ability to recover. Having a copy of your data without the ability to restore it in the time required is often not discovered until it is too late. 

Your data recovery plan should start with a solution that includes:

  1. Your recovery time (how fast do I need to back up and running).
  2. Your recovery point (how far back in time can the business afford to lose data).
  3. The ability and is tested on an annual basis.  
  4. The solution should also take into account different types of recovery from a single file recovery, entire system recovery, or entire site recovery.  

Solutions are available that can provide reliable backups that also include offsite replication and resources that allow for recovery both locally and remotely. 

Remote Work is Here to Stay – Top 3 Technology Solutions

Remote Work is Here to Stay – Top 3 Technology Solutions

Remote work has never been more mainstream than today. The pandemic shifted many jobs to remote, and as this shift occurred many workers have found that they prefer the remote place so much more so than the traditional office that they are willing to quit their current job if forced to return to the traditional setting.

Many companies also have seen an increase in productivity and lower operational expenses. So it is safe to say that remote workers will continue to be a larger part of the workforce going forward. Technology solutions have adapted, expanded, and exploded over the last year to address this shift.

The Top 3 Solutions for Your Remote Workforce

Microsoft Teams / Zoom Video Conference and Voice Solutions

It is no surprise that over the last year the number of video calls and meeting has exploded. These solutions have transformed what it means to have a meeting and also provide faster collaboration and unification of allowing your phone calls and video calls to handle by one platform

Modern Desktop

A modern desktop means that a remote employee’s laptop or desktop can be authenticated, managed and secured over the internet without a direct connection back to a corporate office.     This means that compliance, remote support and device maintenance can be handled with nothing more than connectivity to the internet. This solution also allows for high level of self-service IT to allow users to stay productive even outside of normal business hours with self-recovery and deployment capabilities.

Cloud-Enabled applications

The shift to cloud enabled applications has been occurring for a number of years. For a remote work force to be highly productive business need to look at their core applications and consider moving to applications that are internet facing and provide the ability to access without the need to connect via VPN etc. back to a corporate environment. This allows for work anytime/anyplace capability to have a ultra-productive remote workforce.