{"id":33082,"date":"2019-02-07T10:43:31","date_gmt":"2019-02-07T18:43:31","guid":{"rendered":"https:\/\/www.enxmag.com\/twii\/?p=33082"},"modified":"2019-02-08T09:05:28","modified_gmt":"2019-02-08T17:05:28","slug":"teacher-coach-and-fortune-teller-the-myriad-of-it-security-roles-dealers-must-encompass","status":"publish","type":"post","link":"https:\/\/www.enxmag.com\/twii\/feature-articles\/2019\/02\/teacher-coach-and-fortune-teller-the-myriad-of-it-security-roles-dealers-must-encompass\/","title":{"rendered":"Teacher, Coach and Fortune Teller: The Myriad of IT Security Roles Dealers Must Encompass"},"content":{"rendered":"<p><img loading=\"lazy\" class=\"size-medium wp-image-12942 alignleft\" src=\"https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2015\/05\/vintage-teacher-300x232.png\" alt=\"\" width=\"300\" height=\"232\" \/>Let\u2019s be honest, managed IT can be a nuisance to end users, particularly when it comes to security considerations. They\u2019re interested in doing business, not updating their passwords every three months. They may smile and nod politely when presented with safety precautions, but IT security has nothing to do with their daily operations.<\/p>\n<p>That\u2019s where you, the managed IT provider, enter stage left to protect these people from, well, themselves. 
Your role is to inform them of best practices, show them what to look for with suspicious correspondence and paint a clear, vivid picture of the hell that can result from taking a relaxed approach toward security measures.<\/p>\n<div id=\"attachment_32818\" style=\"width: 160px\" class=\"wp-caption alignright\"><img aria-describedby=\"caption-attachment-32818\" loading=\"lazy\" class=\"size-full wp-image-32818\" src=\"https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2019\/01\/Jeff-Leder.jpg\" alt=\"\" width=\"150\" height=\"200\" \/><p id=\"caption-attachment-32818\" class=\"wp-caption-text\">Jeff Leder,<br \/>Impact Networking<\/p><\/div>\n<p>Jeff Leder, the director of managed IT security services for Impact Networking of Lake Forest, IL, feels the single greatest blind spot and attack vector can be found in unprepared users. He notes that malicious actors often seem to prioritize social engineering tactics over adversarial techniques; thus, advanced security awareness training is a vital first step toward enhanced cybersecurity.<\/p>\n<p>\u201cOther areas of concern often include inattentiveness and complacency as it pertains to IT infrastructure,\u201d he added. \u201cBaseline security practices like patching, proper firewall configuration, and password policy management which are overlooked create dangerous situations for client organizations.\u201d<\/p>\n<p>As organizations scale, Leder notes it increases the potential for users to be less aware of the dangers lurking from the outside. Even the antiquated Nigerian prince scam has become sophisticated and complex, while other phishing attacks prey upon people\u2019s fears by indicating their information may have been compromised during an actual attack\u2014thus riding the coattails of a successful data breach. 
This underscores the importance of implementing security training and launching simulated phishing attacks that use a variety of tactics to help show users what they should look for in identifying potential red flags.<\/p>\n<p>\u201cWhen you follow the simulations with training campaigns for users who fall susceptible to various tactics, it\u2019s a great way to ultimately lead users down a path where they really do think before they click,\u201d he added.<\/p>\n<p><strong>Have Device, Will Travel<\/strong><\/p>\n<div id=\"attachment_30593\" style=\"width: 160px\" class=\"wp-caption alignleft\"><img aria-describedby=\"caption-attachment-30593\" loading=\"lazy\" class=\"size-full wp-image-30593\" src=\"https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2018\/08\/Jim-George.jpg\" alt=\"\" width=\"150\" height=\"200\" \/><p id=\"caption-attachment-30593\" class=\"wp-caption-text\">Jim George, DME<\/p><\/div>\n<p>When a dealer such as Cincinnati-based Donnellon McCarthy Enterprises takes over the managed IT needs of a client, one of the greatest vulnerabilities that exist lies in outdated equipment, according to company President Jim George. Perhaps some are overlooked and underused, but still represent a danger zone. Some businesses haven\u2019t upgraded to Windows 10 or are still running old servers.<\/p>\n<p>\u201cThe Internet of Things is creeping its way into business like bring your own device has,\u201d George noted. \u201cThese types of devices help hackers find vulnerabilities and create issues. 
There is also an educational process on the type of actions that users need to avoid breaches.\u00a0Our suggestion is that businesses make cybersecurity education part of their orientation process.\u201d<\/p>\n<div id=\"attachment_32820\" style=\"width: 160px\" class=\"wp-caption alignright\"><img aria-describedby=\"caption-attachment-32820\" loading=\"lazy\" class=\"size-full wp-image-32820\" src=\"https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2019\/01\/Derick-Tallman.jpg\" alt=\"\" width=\"150\" height=\"200\" \/><p id=\"caption-attachment-32820\" class=\"wp-caption-text\">Derick Tallman, Access Systems<\/p><\/div>\n<p>Derick Tallman, IT security and operations manager at Access Systems of Waukee, IA, notes his dealership relishes its advisory role and the importance of illustrating to clients the controls and solutions that are the backbone of cybersecurity protection. Access Systems hosts lunch-and-learn events to cover some of the more remedial elements of strong security practices, and tests user vulnerabilities through simulated email phishing attacks, buffered by integrated training.<\/p>\n<p>Part of the challenge, Tallman points out, is balancing end-user convenience with securing systems. \u201cDoes a client want open systems that are easy and convenient to access, or do they want to lock down their systems with strong IT controls such as strong passwords and multifactor authentication?\u201d he posed. \u201cSome of the biggest blind spots we face are updating system components as customers may feel that their systems aren\u2019t \u2018broken\u2019 today, so why do they need to update?<\/p>\n<p>\u201cStaying on top of recent system components \u2013 from updating and patching operating systems and programs to getting hardware that is within warranty \u2013 can help minimize the security risks that the business faces. 
Having customers understand that having their data backed up is no longer just for the risk of physical data destruction, but can be a lifeline in the event of a security incident is also frequently addressed.\u201d<\/p>\n<p><strong>Specific Attacks<\/strong><\/p>\n<div id=\"attachment_32822\" style=\"width: 160px\" class=\"wp-caption alignleft\"><img aria-describedby=\"caption-attachment-32822\" loading=\"lazy\" class=\"size-full wp-image-32822\" src=\"https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2019\/01\/Monique-Phalen.jpg\" alt=\"\" width=\"150\" height=\"200\" \/><p id=\"caption-attachment-32822\" class=\"wp-caption-text\">Monique Phalen,<br \/>AIS of Las Vegas<\/p><\/div>\n<p>Attacks can come in many forms and through various vulnerabilities, and for AIS of Las Vegas, it requires navigating clients through the mass of threats, notes Monique Phalen, director of IT. They can range from gift card scams to social engineering and Google Drive attacks. AIS simulates phishing attacks through Webroot and provides certifications to employees, compliance officers and operations managers to enable clients to test at the company level.<\/p>\n<p>AIS constantly polls companies, business and technology leaders to gauge what is working, along with what is emerging. \u201cWe\u2019re that man behind the curtain; we don\u2019t want the customers to see us working behind the scenes,\u201d Phalen said. \u201cWe want end users to feel safe and secure, but encourage them to always keep one eye open. It\u2019s actually quite interesting to see all these ways people try to come up with to attack businesses\u2026it never gets boring.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Let\u2019s be honest, managed IT can be a nuisance to end users, particularly when it comes to security considerations. They\u2019re interested in doing business, not updating their passwords every three months. 
They may smile and nod politely when presented with safety precautions, but IT security has nothing to do with their daily operations. That\u2019s where you, the managed IT provider, enter stage left to protect these people from, well, themselves. Your role is to inform them of best practices, show them what to look for with suspicious correspondence and paint a clear, vivid picture of the hell that can result from taking a relaxed approach toward security measures. Jeff Leder, the director of managed IT security services for Impact Networking of Lake Forest, IL, feels the single greatest blind spot and attack vector can be found in unprepared users. He notes that malicious actors often seem to prioritize social engineering tactics over adversarial techniques; thus, advanced security awareness training is a vital first step toward enhanced cybersecurity. \u201cOther areas of concern often include inattentiveness and complacency as it pertains to IT infrastructure,\u201d he added. \u201cBaseline security practices like patching, proper firewall configuration, and password policy management which are overlooked create dangerous situations for client organizations.\u201d As organizations scale, Leder notes it increases the potential for users to be less aware of the dangers lurking from the outside. Even the antiquated Nigerian prince scam has become sophisticated and complex, while other phishing attacks prey upon people\u2019s fears by indicating their information may have been compromised during an actual attack\u2014thus riding the coattails of a successful data breach. This underscores the importance of implementing security training and launching simulated phishing attacks that use a variety of tactics to help show users what they should look for in identifying potential red flags. 
\u201cWhen you follow the simulations with training campaigns for users who fall susceptible to various tactics, it\u2019s a great way to ultimately lead users down a path where they really do think before they click,\u201d he added. Have Device, Will Travel When a dealer such as Cincinnati-based Donnellon McCarthy Enterprises takes over the managed IT needs of a client, one of the greatest vulnerabilities that exist lies in outdated equipment, according to company President Jim George. Perhaps some are overlooked and underused, but still represent a danger zone. Some businesses haven\u2019t upgraded to Windows 10 or are still running old servers. \u201cThe Internet of Things is creeping its way into business like bring your own device has,\u201d George noted. \u201cThese types of devices help hackers find vulnerabilities and create issues. There is also an educational process on the type of actions that users need to avoid breaches.\u00a0Our suggestion is that businesses make cybersecurity education part of their orientation process.\u201d Derick Tallman, IT security and operations manager at Access Systems of Waukee, IA, notes his dealership relishes its advisory role and the importance of illustrating to clients the controls and solutions that are the backbone of cybersecurity protection. Access Systems hosts lunch-and-learn events to cover some of the more remedial elements of strong security practices, and tests user vulnerabilities through simulated email phishing attacks, buffered by integrated training. Part of the challenge, Tallman points out, is balancing end-user convenience with securing systems. \u201cDoes a client want open systems that are easy and convenient to access, or do they want to lock down their systems with strong IT controls such as strong passwords and multifactor authentication?\u201d he posed. 
\u201cSome of the biggest blind spots we face are updating system components as customers may feel that their systems aren\u2019t \u2018broken\u2019 today, so why do they need to update? \u201cStaying on top of recent system components \u2013 from updating and patching operating systems and programs to getting hardware that is within warranty \u2013 can help minimize the security risks that the business faces. Having customers understand that having their data backed up is no longer just for the risk of physical data destruction, but can be a lifeline in the event of a security incident is also frequently addressed.\u201d Specific Attacks Attacks can come in many forms and through various vulnerabilities, and for AIS of Las Vegas, it requires navigating clients through the mass of threats, notes Monique Phalen, director of IT. They can range from gift card scams to social engineering and Google Drive attacks. AIS simulates phishing attacks through Webroot and provides certifications to employees, compliance officers and operations managers to enable clients to test at the company level. AIS constantly polls companies, business and technology leaders to gauge what is working, along with what is emerging. \u201cWe\u2019re that man behind the curtain; we don\u2019t want the customers to see us working behind the scenes,\u201d Phalen said. \u201cWe want end users to feel safe and secure, but encourage them to always keep one eye open. 
It\u2019s actually quite interesting to see all these ways people try to come up with to attack businesses\u2026it never gets boring.\u201d<\/p>\n","protected":false},"author":166,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1650,82,87,1638],"tags":[3216,3572,3221,2348],"_links":{"self":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts\/33082"}],"collection":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/users\/166"}],"replies":[{"embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/comments?post=33082"}],"version-history":[{"count":2,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts\/33082\/revisions"}],"predecessor-version":[{"id":33104,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts\/33082\/revisions\/33104"}],"wp:attachment":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/media?parent=33082"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/categories?post=33082"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/tags?post=33082"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}