Meet Brian & Mary of Mid-Atlantic Data & Communications!
Tell us a little about your MSP…
Mid-Atlantic Data & Communications is currently located in Roanoke VA. We were started in 2004. We started this company originally just to make an extra $1200 a month in cash.
How long have you been a member of The 20?
We’ve been a member of The 20 since April of 2020.
Why did your MSP originally look to partner with The 20?
We partnered with The 20 to drive down the cost of our tool sets, partner with other resources that had knowledge that we didn’t and save money.
Tell us about the biggest change in your business since joining The 20.
Understanding scale and letting go.
What do you like most about being a member of The 20?
Our favorite part of being a member of The 20 is the 24 hour help desk as part of our sales strategy.
What do you think is the most important quality necessary for success?
Letting go.
What are your biggest business challenges?
Our biggest business challenge is documentation.
What are your areas of focus for 2021?
Operations and Sales/Marketing
What advice would you share with an MSP looking to scale their business?
Decide what you want to become and never lose focus on your goals!
What book are you currently reading?
Favorite blogs/podcasts
UpperRoom, Chris Voss, Darren Hardy, Less Brown
Interested in becoming a member like Mid-Atlantic Data & Communications? Click here for more information!
Meet George Monroy of Monroy IT Services!
Tell us a little about your MSP…
We are located in the San Antonio Hill Country. Monroy IT Services was established in 2004 in Houston, TX. I moved the company in 2010.
How long have you been a member of The 20?
It will be four years in August 2020.
Why did your MSP originally look to partner with The 20?
The company was not growing and it was a do or die decision. I spoke with Tim and he opened my eyes to why I was having a hard time growing. He hit the nail on the head.
Tell us about the biggest change in your business since joining The 20.
I was able to scale quickly like I could not in the past. I was also introduced to managed Google Adwords and that helped with lead gen. Then I was able to sell with some training from Tim.
What do you like most about being a member of The 20?
I love the Support Desk and the tight knit family of being in the same boat with other owners.
What do you think is the most important quality necessary for success?
An open mind and a willingness to execute.
What are your biggest business challenges?
Currently it is selling during Covid. We have gained one client so I am not complaining but it is definitely much slower growth than I had planned this year.
What are your areas of focus for 2020?
Close a co-managed It deal and move forward with a sales plan for more co-managed IT. We currently have one co-managed IT client.
What advice would you share with an MSP looking to scale their business?
This is easy. Join The 20 so you can focus on lead gen and sales. The 20 will handle the scale.
What book are you currently reading?
I am currently finishing up Gap Selling by Keenan, Then it may be Fix This Next by Mike Michalowicz.
Favorite blogs / podcasts
Interested in becoming a member like Monroy IT Services? Click here for more information!
Everyone talks about employee onboarding, but what about offboarding? Whether the change in employment is due to termination, a layoff, the end of a contract, or employee choice, the circumstance can elicit a strong emotional response. Even employees who leave on good terms can get curious in the result of their departure. Without proper offboarding, former employees continue to hold the “keys to the kingdom.” Do you really want to risk your organization’s reputation?
Of course not.
Did you know that only 29% of organizations have a formal offboarding process in place? Or that 59% share access credentials with other employees? How about that 52% share access with contractors? Heck, 53% say it’d be easy for a former employee to log in and access data! And 50% report that it can take up to a week or more to remove access to all sensitive systems!
Well, surely you know that 55% of US companies report that their organizations have been breached in the past, and that 44% of them had breaches that together cost millions of dollars…?
You didn’t?! Wow. Well, isn’t that crazy?
Offboarding Checklist
Don’t be one of those statistics. Click here to get our offboarding checklist that you can use to reduce your organization’s security risk.
Ransomware keeps appearing in headlines; attacking hospitals, banks, school districts, state and local governments, law enforcement agencies, as well as businesses of all sizes.
Holy moly. This isn’t good.
It’s reaching an epidemic level. The number of people targeted by ransomware is staggering: in the U.S. alone, 4.1% of the population (13.1 million). Back in 2016, cybercriminals collected $209 million in just the first 3 months from ransomware!
What is ransomware?
So what is it? What is this software wreaking havoc all over the globe?
Ransomware is a form of malicious software (or malware) that, once it’s taken over your computer, threatens you with great harm, usually by denying you access to your data. The attacker demands a ransom from the victim, then promises — though not always telling the truth of course — to restore access to the data upon payment. Users are then shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals typically in Bitcoin.
Ransomware has come to be viewed as an epidemic, expanding to more attacks from PCs to mobile devices and IoT. It is typically delivered through phishing emails, drive-by downloads or malvertising.
There are a few types of ransomware
- Crypto Ransomware
- Locker/Lock-Screen Ransomware
- Rogue Security Software: Fake AVs
Crypto Ransomware are variants that encrypt data on an infected host, and demand ransom in exchange for decrypting it. This is currently the most common ransomware type in the wild. Locker/Lock-Screen Ransomware are variants that deny access to the infected host and extort the victim for money in exchange for “releasing” it. Such variants are particularly popular among mobile ransomware. And finally, Rogue Security Software: Fake AVs are programs that “warn” the user against malware, which has already allegedly infected the host and can only be removed by purchasing the malicious “security software.”
There are several different ways attackers choose the organizations they target with ransomware. Sometimes it’s a matter of opportunity: for instance, attackers might target universities because they tend to have smaller security teams and a disparate user base that does a lot of file sharing, making it easier to penetrate their defenses.
On the other hand, some organizations are tempting targets because they seem more likely to pay a ransom quickly. For instance, government agencies or medical facilities often need immediate access to their files. Law firms and other organizations with sensitive data may be willing to pay to keep news of a compromise quiet — and these organizations may be uniquely sensitive to leakware attacks.
But don’t feel like you’re safe if you don’t fit these categories: some ransomware spreads automatically and indiscriminately across the internet.
Defensive steps to prevent ransomware infection
There are a number of defensive steps you can take to prevent ransomware infection:
- Keep your operating system patched and up-to-date to ensure you have fewer vulnerabilities to exploit.
- Don’t install software or give it administrative privileges unless you know exactly what it is and what it does.
- Install antivirus software, which detects malicious programs like ransomware as they arrive, and whitelisting software, which prevents unauthorized applications from executing in the first place.
- And, of course, back up your files, frequently and automatically! That won’t stop a malware attack, but it can make the damage caused by one much less significant.
Good luck out there.
I thought I had a bad weekend. Then I heard about the Chili’s Data Breach.
Turns out Brinker International had issues that far outweigh the problems from sleeping on a 10-year-old mattress. The parent company of the Dallas-based Chili’s Bar & Grill said it learned of a data breach on Friday that included payment card information possibly being compromised between March and April of this year.
Brinker International responds to the Chili’s data breach
According to a press release on Brinker International’s website, the company said the following:
Based on the details of the issue currently uncovered, we believe that malware was used to gather payment card information including credit or debit card numbers as well as cardholder names from our payment-related systems for in-restaurant purchases at certain Chili’s restaurants. Currently, we believe the data incident was limited to between March – April 2018; however, we continue to assess the scope of the incident.
Chili’s does not collect certain personal information (such as social security number, full date of birth, or federal or state identification number) from Guests. Therefore, this personal information was not compromised.
Brinker apologized to those who may be affected and said it is working with third-party forensic experts to investigate. “We sincerely apologize to those who may have been affected and assure you we are working diligently to resolve this incident,” Brinker said in a written statement on its website.
Additional information about the breach can be found on the Brinker International site.
Brinker International shares so far are down 0.87% as a result.
Upon further investigation, I found that Brinker International recently brought on a company called Red Hat solutions to offer support for its guests across its mobile app, website, in-restaurant table kiosks, and curbside dining. By using Red Hat solutions, according to their website, “Brinker built a unified e-commerce environment to support faster development and deployment, scale to meet peak traffic demands, and ensure the protection of guest data.”
Red Hat published a Brinker International case study shortly thereafter and stated that, “This is a guest-facing platform that takes credit card transactions, so it’s got to be highly secure… with a Red Hat-based container, we know it’s from a trusted partner and know it meets all PCI [Payment Card Industry] requirements, while letting developers and other internal users to spin up environments quickly.”
Could the Chili’s data breach have been prevented?
Not to place blame, and this is highly speculative, but did Brinker International or Chili’s themselves drop the ball by not fully utilizing its tools? With Red Hat meeting the requirements of PCI compliance, did Brinker or Chili’s overlook something? Too many false positives? How vulnerable were they? Was payment information shared and stored somewhere it shouldn’t have been? Obviously without any information provided from the forensic investigation, it’s all speculation at this point. But it just goes to show how important it is to have all of your ducks in a row. There is no substitute for having your I’s dotted and your T’s crossed when it comes to data protection. I’m sure there’s another cliché I could come up with, but I think you get the point.
Data breaches have been all too common in today’s cybersphere. A series of notable ― and massive ― data breaches occurred last year. Equifax, Uber, the Dallas emergency siren network and state election systems were just a few of the targets of successful hacks.
The title seems a bit obvious, right? Of course data privacy is important. I mean, how could not keeping your data private be a good thing? Spoiler alert: it can’t. There’s only a downside.
Well what “data” are we speaking of, first off? That seems pretty vague…
For us as individuals, data can simply refer to what makes us all identifiable. This can include our address, our Social Security number; health and medical records to take it a step further. For the business sector, it can mean proprietary research and development data, or financial information that shows how a company is spending and investing its money.
And all of this information should be guarded based on relative importance. An example being that you probably wouldn’t think too much about sharing your name with someone you’ve never met before, while introducing yourself to them at a party. But then there’s other information you wouldn’t share with them, at least not initially, until you got to know that person a lot better. If you’re opening a new bank account, however, you’ll probably be asked to share quite a bit of personal information, that goes well beyond your name, and that’s okay.
Digital everything amplifies the importance of data privacy
But in 2018, everything is digital. We’ve digitized everything. This may not technically apply to everyone (shout out to all the senior citizens out there!), but by and large, it does. And if you’re reading this blog, it absolutely does.
When data that should be kept private gets in the wrong hands, bad things can happen. A data breach at a government agency can put top secret information in the hands of the enemy. A breach at a corporation can put proprietary data in the hands of a competitor. And so on and so forth; you get the point.
The Online Trust Alliance (OTA) in 2016 found that 34% of data breaches happen through external means. This is the traditional idea of hacking, where a perpetrator gains access to a system from the outside. About 7% of breaches occurred because of lost or stolen devices, and another 9% occurred because of lost, stolen or misplaced documents. While some of these issues happen by accident, others are planned attacks by hackers to acquire data.
Securing information is key to data privacy
Data security can only work in concert with strong preventative policies to back up the technology. While data security measures can be quite effective, important strategies such as keeping up with patches and utilizing encryption can help ensure that the technology actually works.
Securing information will continue to play a massive role in not only our personal lives, but in business and government. At The 20, our IT Management Platform, 24/7 Help Desk, and Network Operations Center (NOC) are 100% US-based so client information stays secure and in compliance with federal and industry regulations. Our nationwide group of IT companies support almost any technology we come across in the field, which gives us a competitive advantage that no other IT company can touch.
What are you doing to keep your data private?
IS YOUR #SMALLBIZ SAFE?
Small businesses are the target of almost two-thirds of all cyber attacks.
Download our infographic on the negative effects data breaches can bring to a company.
