If you’re mega-busy like most people, you don’t have enough time to read through this guide in one sitting. Here are the five key takeaways that will help you supercharge your IT resources:
That’s why it’s essential to develop a
Using the free calculator tool, you can see how much it costs to have network maintenance, software updates, employee training and more covered under a monthly fixed-fee managed services contract.
Skipping this step could result in paying more for services you don’t need, or alarming your internal IT staff that you plan to keep around.
Consider what you need, figure out how much you want to be involved, and research the potential provider to narrow down your search.
If your contract doesn’t include these components, you could get a bad deal or end up in a bad situation with your managed services provider should the relationship go south.
We’ve seen big-name companies like Yahoo, Target and Equifax suffer from high-profile cyber security breaches. So it’s hard to imagine that hackers would go after small and mid-sized businesses when they could steal from corporations with billions in assets. You might be surprised to know that…
Hackers want you to think they’re going after big businesses so you’ll let your guard down. Then, they’ll use simple spear-phishing tactics to get access to your network. Sometimes, they could get access to your system without you even realizing it.
A small or mid-sized business can be a stepping stone to a larger hack. A wealth advisory group, for example, has information on businesses and people who hold a high dollar value. By gaining access to their network, a hacker could get all the data they need to go after a high dollar entity. Luckily, most businesses that house high-profile information protect their networks with ultra-secure cyber security software and their employees are regularly provided with cyber security awareness training.
A ransomware hacker is a different animal. Their goal is to get access to your network, then lock it down so you can’t access it. A victim of a ransomware hack will get a message across the screen that says, “Pay X amount of bitcoin to unlock files.” Sometimes, the unlock fee is small, like $250. Ransomware hackers think that if the price is small enough, a business is more likely to pay it rather than fighting it. Once they do this with 100 or so networks, they’ll amass a lot of money. That’s why IT vendors and police advise that businesses never pay the ransomware fee. Paying ransomware fees only encourages further crime.
While small businesses get hurt the most from a hack, hackers see them as easy targets. If employees do not know how to identify a spam email or untrustworthy website, they could give a hacker the key to the organization’s network without even realizing it.
One of the worst ways to get hacked is through an internal source, such as a malicious employee. Employees have access to a lot of confidential files. If they’re presented with an opportunity to sell those files for a substantial amount of money, or they want revenge for getting a bad review, they can cause some major damage. In fact, the biggest threat to your network security is your employees. Protect yourself by limiting software access to only the people who need it, then be proactive about monitoring your staff’s cyber activity.
Aside from employees, business owners have to fear external sources as well. Hackers use spam email tactics such as phishing, spear-phishing and spoofing to trick you and your staff to download their malware or give away their credentials. You would think spam tactics would be easy to spot, but that’s not always the case. Read how hackers are evolving their practices in our “free pizza” case study.
Careless internet browsing can open up your network to a hacker as well. Allowing employees total, unrestricted access to the internet can lead to issues if your staff clicks on the wrong link. What’s worse? You could get a hacker into your network and not even know it.
Malicious actors don’t have to go looking for weaknesses. Rapid7, a security services company, conducted an internet-wide scan and found millions of computers open for remote access. Combine that with a simple exploit on an unpatched system, and you have instant full access to that server.
Malware, for instance, can be pricey to fix. If your IT team has not been vigilant about keeping your backup systems operational, it could mean that your organization is stuck paying the ransomware fee and/or paying oodles for server downtime if a cyber attack occurs.
Downtime is a catastrophic state where an entire organization is locked out of its network and data. The only way to restore access is to use backups or pay the fee, which most IT experts and criminal investigators advise against.
Many organizations fail to realize that a cyber crime involves more than a hefty check to an IT vendor. It can cost them their reputation. Let’s take Equifax for example. Once they experienced a high-profile hack, their customers felt violated and nervous that their personal data was exposed to the internet forces of evil. Businesses are ethically obligated to alert their clients if their information was potentially compromised. So there’s no way of keeping a cyber attack under wraps.
Occasionally, we’ll find a business owner that says, “We’ll take our chances with cyber security.” Well, $1 million in disaster recovery plus a compromised reputation sounds a lot more expensive than a good network support team on your side…but maybe that’s just our math.
Antivirus is part of every good security plan, but it’s not the end-all be-all solution.
In fact, many IT vendors say that while it’s essential to have, it will not protect you from security threats. Before you spontaneously terminate your antivirus subscription, read on…
It’s essential to have multiple layers of protection on your network. In addition to antivirus, it’s essential to have a protective service monitor your email server or service plus a firewall to guard your network from internet threats. This should be set up on all your workstations, connected mobile devices and networking infrastructure.
Monitoring services, such as NextGen Security, can be an asset when analyzing network traffic behavior. For example, if Nancy in billing is always logged in from 7AM to 4PM Monday through Friday, the NextGen Security will raise a red flag if she suddenly logs in at 2:30AM on a Sunday. NextGen Security also works with a firewall service to flag and halt inappropriate internet traffic.
In addition to software, it’s vital to have backups and backup software in working order. Having an updated backup is key to restoring a network after a malware attack. Without that, it’s a coin-toss to see if the data will be restored to its original condition.
If a backup is experiencing issues, there should be a contact person in place that will get a notification. U.P.S. backup equipment is set to inform specified staff of power irregularities or equipment malfunctions. You’ll need to check the software every so often to ensure that the right person will get notified in a disaster.
Even if the antivirus, email protection, firewall, and backup software is installed and up to date, you’ll still be at risk if your employees don’t know cyber security best practices. Send this free cyber security awareness guide to get them quickly up-to-speed.
A lot of organizations are so busy with day-to-day functions that they don’t have time to keep on top of security software updates, infrastructure needs and employee training. That’s where managed services comes in to play.
Deciding to take the leap to managed services can be daunting, but it doesn’t have to be. That’s why we’ve put together this guide to help. Keep reading to learn what managed services are and how small and mid-sized businesses are leveraging this service to get the most out of their IT budget…
Keeping up on cyber security in a business is a daunting and exhausting task. Some businesses have the staff and resources to take care of their own IT needs in house, while others just don’t have the time and staff to take care of it at all. Managed services can either fill in the holes between the puzzle pieces or work as an all-encompassing IT vendor.
Let’s take a look at what “managed services” means and how it can seriously supercharge your IT efforts.
Managed services, otherwise referred to as “managed IT services,” gives business owners access to maintenance services, disaster recovery and technical support (like a “help desk”) at a fixed monthly price.
With most managed services contracts, clients get access to a specific IT expertise from a managed services provider (MSP) who will act as their guide to cyber security. The IT expert is available for questions from staff or recommendations when a client is ready to purchase new software or equipment.
Plenty of IT vendors are moving towards subscription-based IT support because of how easy it is to set up and how cost-effective it can be. It’s like switching from cable to HBO or Netflix, where you consolidate your entertainment services to a streaming service so you’ll have on-the-go access to exactly what you need, all at a fixed monthly fee.
Building a managed services plan isn’t a cut-and-dry process. The right managed services provider will listen carefully to a client before developing a contract. The basic services you’ll get out of a managed services agreement would be maintenance, disaster recovery and tech support.
The key point of a managed services plan is to take the stress off of a business to take care of IT and put it in the hands of a networking expert. That means those little, and sometimes daunting, IT tasks can come off your plate (cue the happy dance). Software maintenance, for example, tends to be one of those tasks that gets put on the back burner.
Installing workstation updates that come in the form of pop-up desktop alerts and software security patches are more important than you might think. If a software developer discovers a security vulnerability, they’ll build a fix for it and release it to users as a “security patch.” Working with a managed services provider will ensure that those security patches and other updates will be completed in a timely manner.
A managed services provider will provide you with tools to protect you from a cyber disaster. However, your managed services provider should include disaster recovery in your managed services plan. This could include services such as backup recovery and restore, plus onsite support in the event of a catastrophe.
Another basic service in a managed services plan is technical support. One of the major benefits of having a dedicated IT person who manages your cyber security is that you can pick their brain for troubleshooting tips or software recommendations. If Laura in HR experiences a sudden lock down on her email, tech support has it covered. If Robert in AP can’t connect to the internet, tech support is on the line. Usually managed services providers will quickly respond to a support ticket and get those small issues ironed out in a jiff.
While these are the basic components of a managed services plan, a good managed services provider will add to or subtract from these services based on your specific business needs to fit your budget. You’re not a cookie-cutter business, so you shouldn’t get cookie-cutter IT services. On the other hand, you shouldn’t blow your budget for services you don’t need.
Not everyone is a candidate for managed services. Google, for example, probably has a full suite of IT gurus who can manage all of the company’s networking needs.
The ideal candidate for a managed services plan is a business, small or large, that is ready to get bullet-proof cyber security, but doesn’t have all of the internal resources to do it.
A lot of organizations manage their own IT by designating a specific staff member who isn’t necessarily in a technology role. This could mean that the internet marketing manager, Rick, also holds the company IT role because the resources aren’t available to hire specialized staff, like a network administrator. Managed services is a cost-effective way to pull some of those IT responsibilities off of Rick’s hands so he can focus on his internet marketing tactics.
In many cases, an organization has a small dedicated IT staff. The problem is that the IT staff needs some of the basic maintenance, disaster recovery and support off their plate so they can shoulder more complex internal IT tasks. An organization may also want to transition their IT needs entirely out-of-house.
Organizations that don’t want to empty their wallets for expensive a-la-carte IT options at different vendors tend to gravitate towards managed services. Nonprofits, in particular, get a ton of benefits out of using a managed services plan.
Some business owners are eager to relinquish their IT responsibilities and have a competent IT vendor manage it. Others have IT personnel who want to be involved or they need to release their IT team and have a managed services provider take over. First, you need to figure out if you can trust your managed services provider. Hopefully, you can trust your MSP implicitly. Only then can you determine whether you are comfortable giving them the reins to your cyber security.
As businesses grow, their networking infrastructure and IT support needs evolve. It’s common to pay for specific services a-la-carte to keep up on growing needs. Once an organization grows to a certain level, they end up paying more for these a-la-carte services rather than consolidating them through one IT provider. Not only do the different fees add up, but it can cost time and energy to work with multiple IT groups. Having all your IT services taken care of through one IT provider can dramatically reduce time and costs, not to mention headaches.
Unless you’re selling homemade bracelets out of a tent for cash, you’ll need software and IT support. The going rate for a managed services plan varies based on how big your business is and how many services you need. If you’re a nonprofit start-up with two workstations, your cost for managed services is going to be significantly less than if you are a large construction company with multiple offices around the mid-Atlantic. You can get a preview of what it will cost by using this free calculator.
One simple solution is to use a free tool, like the network detective, to scan your network for vulnerabilities and get a recommendation from a cyber security expert…but that would be too easy, right?
You can also read on to learn how to start looking for local IT support…
Finding an outsourced IT vendor is a lot like picking out a new puppy. Whatever puppy you choose, you’ll have it a long time. So you have to do your research to ensure that you, your family and your puppy will have the right chemistry for the long term.
Selecting the right managed services provider takes the same amount of up-front work, but the end result doesn’t include a super-cute snuggly pup (we’re sorry). Instead, you’ll get a reliable team of trusted cyber experts who will protect and take care of your business’ cyber security needs.
Before getting too excited about shifting cyber security responsibilities off your hands, let’s discuss a few major tasks you have to complete before snagging the pup…er…we mean managed services provider…
This is an important step that we won’t sugar-coat: it might be an awkward one. If you’re in charge of IT, congratulations! You don’t have to have this conversation. If you have one, or a few, internal IT people on staff, make sure you start something like this:
Most IT personnel understand what managed services are. But it’s still vital that you do not make your star staff members feel undervalued. Let them know they’re crucial to this process and that their cooperation will be appreciated. Unless you’re planning to release them in lieu of a managed services provider. That’s a different kind of conversation…
It’s hard building a managed services plan when you don’t know what resources you need or already have. That’s why starting a conversation with your top tech employees is key to finding the right managed services provider.
Managed services providers will sometimes need access to your existing security software. They may also provide other essential software, like Microsoft Office 365, in their plan. Before you can even discuss what you want, you need to figure out what you already have.
Meet with your IT personnel and any other employees who have technology-related responsibilities. Come up with a networking cheat sheet that lists network information, like how many servers and workstations you have. Then, list your existing software subscriptions. (HINT: If you don’t feel like doing this, just request a free network scan and you’ll get a map of your network in minutes.)
After getting a basic list of your existing infrastructure and software subscriptions, check with your team to see if there’s anything they think can be more secure. Here are a few examples:
Bring these ideas to your first meeting with a potential managed services provider. Not only will you get a more accurate quote, but you’ll also get recommendations from the MSP that will help you decide if they’re worth it or not.
If you read “IT Support 101: Managed Services, then perhaps you already used the calculator to see how much managed services might cost your organization. It’s possible that you slurped back in your seat in dejection, but more likely you thought, “Huh, this really isn’t bad.”
Do what you can to find out how much you currently spend on IT. Then ask yourself, “Are there any holes in my cyber security coverage?” If you’re spending a little on IT, it’s likely that hackers are only going to have a little bit of a struggle trying to get to your network. Did we mention that 63% of organizations expect an ERP hack to cost more than $1 million?
Taking the burden of cyber security off of your existing staff will regenerate them to push forward on more complex projects that help you grow, thus maximizing your ROI on their efforts.
The right MSP will work with your budget, within reason. If you expect to pay for managed services with a bus token and a packet of gum, then we’re sorry, but it might not work for you.
Check out more than one MSP. If the team you’re about to work with is over budget, take a step back to see how much you really need. If you’re paying extra for 24-hour technical support when you’re only open 9-5, you can probably look at local managed services providers to get a better deal.
Yes, Skywalker. You’re ready to start looking for the Jedi…or the right managed services provider. (Are we really a quality tech guru if we don’t make one Star Wars reference in this guide? We didn’t think so.)
It’s easy to get overwhelmed with options from your first Google search. Read on for easy ways you can narrow down your options to find the right MSP.
If you really want to get overwhelmed with options, type “IT support near me” into the Google search bar. Go ahead…we dare you.
If you did it, you know just how many IT vendors are out there. Figuring out where to start is the hardest part. (HINT: you could start here…)
There are tons of consequences to selecting the wrong managed services provider. Some organizations end up getting sucked into a contract with a managed services provider that doesn’t produce the quality of services they claimed to. Others get adequate service, but they still get hacked by a cyber criminal and have to deal with a disaster recovery process.
What Clients Say When They Get A Bad Managed Services Provider:
To avoid getting trapped with the wrong IT vendor, and thus tearing your hair out in stress, use this simple checklist to help your search:
Your managed services provider is working behind the scenes while you’re operating business as usual. What is it that you want them to be doing?
Some businesses need the red carpet treatment, including 24/7 help desk support, new infrastructure and a personal IT representative at their beck and call. Usually, that’s a treatment built for a large organization with multiple offices or scattered staff in remote work spaces. The red carpet treatment is more expensive, but it’s worth it to protect your organization if you fit this criteria.
Sometimes, organizations think they need the red carpet treatment, but really they’ll be better off searching for a local MSP that can work with their existing infrastructure set up. If this is you, this doesn’t mean that you shouldn’t look into upgrading your equipment or splurging for 24/7 IT support, but if you’ve just purchased infrastructure and you’re only open 9-5, you may not need to splurge on the red carpet treatment.
Find the provider who gets to know you and scale their services to your business before signing with another MSP whose contract has all the bells and whistles but costs a pretty penny.
You know why you looked into managed services support. You either want to alleviate your team of unnecessary stress, or you’re ready to let go of the endless cyber security tasks and responsibilities altogether. Talk with your prospective IT support group to get a feel for exactly how involved you want them to be.
This is important. Research your potential provider before signing on the dotted line. If it sounds too good to be true, it probably is.
Your preliminary research should include a few Google searches and reading up on online reviews. If you see an overwhelming amount of negative reviews for a particular MSP, use caution.
Once you’ve met with a few MSPs, request to chat with some of their clients before signing a contract. Ask those client references to learn whether costs aligned with what was quoted, whether services matched what was promised, and how response time is. Then, ask how the service is going today. Is there a lot of staff turnover? Is the MSP easily reachable?
Your managed services provider pledges to protect your organization from a cyber threat. In order to trust that they’ll take care of your company, you need to do your research to find out if they’ll live up to their promises.
Next, let’s figure out how you’ll evaluate your top three providers to select the right one…
We all want the best deal for our money. If you’ve followed all the steps in this guide, then you’re ready to supercharge your organization’s IT with a trusty managed services provider. You just have to sign the contract.
The managed services contract, or Service Level Agreement (SLA), is key to starting your relationship with this IT group.
Here are five components of a solid managed services contract:
The last thing you want to think about before a wedding is a prenuptial agreement, but couples who divorce without one tend to regret it. It’s the same concept for a managed services contract.
If the MSP didn’t deliver, or your budget changed, you need a way out. Ensure that there’s a proper exit clause in your SLA that protects your business in case you have to terminate the relationship early.
The scope of services section details which IT specialists at the MSP you’ll have access to and who on your team they’ll work with.
At this point, you’ve already nailed down exactly how involved your IT group will be. The conclusion of that conversation should be stated in the SLA’s scope of services section.
If there’s anything else that needs to be purchased, such as additional infrastructure, software subscriptions, or cookie delivery for the IT consultants (it’s what every MSP hopes for), that will be listed in detail in this section.
Doesn’t it feel like every time you chat with your insurance agent about your homeowner’s policy, they don’t cover the one specific thing you need? That shouldn’t be the case for your IT support group.
Your plan should include basic maintenance, disaster recovery, infrastructure recommendations, security software, IT support, and the occasional cyber security alerts for you and your staff. If you’re missing any one of these basic components, you should evaluate whether it’s important to you or not.
Managed services contracts are pretty standard, but if yours doesn’t cover the one thing you might need, you could end up with the same tense feeling you get from working with your insurance company.
If you’ve found the right IT support group, they’ve already worked with you to figure out exactly what you need. If there are any custom conditions of your agreement that you’ve already worked out, they should be noted somewhere in the document.
If you’ve just purchased networking infrastructure, and your MSP has agreed to skirt their standard policy and work with yours, then that should be noted somewhere. If you’ve requested 24/7 support, but their standard is 9-5, then that should be noted as well.
Take your time reading through the contract to make sure that all terms you previously discussed are mentioned. Otherwise, you may need to revisit the exit clause later in your relationship with the managed services provider.
If the managed services contract has these components and you’ve done your research on the IT group, then the last piece of the puzzle is your signature. Congratulations, you’ve found a trusty IT provider to support you!