Archives For var

starbucks

Are You Providing Email Security as Part of Your MSP Offering?

Email Compromise Has Grown by %1300 Over the Past Year

Over 95% of your clients intellectual capital is digital today – more than likely, 50% of that is in clear-text email. Email compromises are now growing at astronomical rates.

Too many of your clients think spam is just a nuisance. It’s also malicious. While spam is responsible for landing bots on client systems, it’s the email scams that are fast becoming an easy win for hackers.

What I’m talking about here is fake email written by scammers, posing as the boss.

How Do Email Scams Work

It works like this…an email is sent from the boss to someone with the ability to transfer funds. The account information is provided, with a request to transfer $10,000 for example.

It may be a partnership deal, customer refund, or payment to a vendor. The person doing the transfer doesn’t have time to research it – they just transfer the money and go on to the next task. The cash is now sitting in a bogus account, controlled by the scammer.

These scams work! Why? Most of the companies you do business with are using technology to block viruses, not social engineering. These emails look legitimate.  They don’t contain malware of any kind. They’re simply a request coming, supposedly, from an executive. No one’s asking questions – they just move to get the job done.

Millions Are Being Lost

Over the past year roughly $3.1 billion worldwide, have been transferred using this scam. In the U.S., WSJ reports that, “as of last month, 14,032 victims of the scam had reached out to the FBI’s Crime Complaint Center within the past three years, with combined losses totaling more than $960 million.”

These losses come from all size companies – large and small business. No one is safe. Most of the transfers are going to China and Hong Kong – no surprise there.

Is There Anything That Can Be Done To Stop This?

Compromised or spoofed email accounts are nearly impossible to detect once the compromise is made. Stopping someone from spoofing by securing email servers and accounts is the first step.  But there’s more…

There are some solutions coming out right now through a cloud-based service, for an annual fee.  These services manage a white-list of approved senders.  Google, Microsoft, and a few start ups are working on this.

There’s also a need for security awareness in this area, as well as some procedures to follow when dealing with requests to transfer money. The technology isn’t there yet – clients may need to communicate these requests using some other means – not email.

I agree with the FBI position on email – businesses should not be using free email services.

© 2016, David Stelzl

 

Last week I met Brian NeSmith, President of Arctic Wolf out in Sunnyvale California. Great solution for small and medium business resellers who need a detection solution supporting their MSSP offering! Take 2 minutes to watch this video…this is what I’ve been preaching for the last decade.

© 2016, David Stelzl

Is Your MSP Business Growing?

How Many New Logos Did You Pick Up in 2015?

That was the question I started with in last nights Check Point/Tech Data event just outside of Boston. From the hand raises it looked like many groups I’ve spoken to in recent months.

Everyone has an MSP offering – meaning there are thousands of resellers offering basically the same thing…and most don’t see big growth.  2016 will probably show a decline in sales – and if you’re hoping to sell more product, forget it. The cloud really is hear to stay. Of course everything seems to go in cycles, so maybe we’ll move back to mainframes next, and then a new type of Token Ring network.

If you’re in sales, you know the technology is not all that important. Conversion is what matters. Do you have something people are interested in, need, and are willing to spend their hard-earned cash on? Last night I shared pieces of a presentation I use to convert small business audiences through lunch & learns. The point of the message is this: Everyone needs more security. This will become even more critical over the next 12 months as many companies adopt more apps, more cloud, and more BYOD. $1 HC Book Ad

The problem is, small business owners are limited on budget. If you ask them, they don’t need more security. In fact, they don’t need more of anything…well, what they really need more of is retained earnings and working capital.  Better workers would be a plus.

But the truth is, they really do need more security. They just can’t see it. If you had a way to attract them into an educational session, with a message that clearly explained the need…and brought them to a point of wanting to know where they really sit (Assessment), would new business result?  It would.

The core message I presented last night comes from my book, The House & The Cloud.It points out the one BIG mistake just about all companies have made. Their security centers around firewalls and passwords. There is no detection, and there is no response. And that means, once a breach occurs, they won’t know it for at least 14 months (According to the FBI – and it could be a lot longer.)  Next step – enter the Assessment.

Our meeting ended with Tech Data and Check Point offering qualified resellers a seat in the SVLC Security Sales Mastery Program…the only training program I know of specifically designed for resellers, to teach them how to sell more security to business leaders.

© 2016, David Stelzl

P.S. Looking forward to presenting this later today in NYC. – Sponsored by Ingram Micro.

ingram

 

BigData2016 Will Be The Year of Big Data

So What Does Big Data Have To Do With Managed IT?

In case you haven’t noticed, Managed IT is getting harder to sell. It’s a commodity. The Monthly Recurring Revenue is great – and you can probably ride the contracts you’ve landed over the past decade for a while. But don’t stop innovating – your churn rate will eventually catch up.

The future CIO and SMB business owner (company size doesn’t really matter), needs better intelligence. Specifically, they need analytics to help them navigate two areas. First, analytics will provide insights on customer behavior, experience, and engagement – a critical component of competitive advantage. Second, they need to know what’s happening with data security as they adopt new technologies to serve their client.  It’s this second area that every managed IT provider should be investigating right now.

Here are some things you should be adding to your offering right now:

  • UTM Firewalls that include the detection elements – sandbox technology, data leakage protection, malware (specifically bot) detection, intrusion prevention, etc.  Both Fortinet and Check Point have some compelling offerings worth checking out in 2016.
  • Centralized management and analytics – some way to watch over the UTM firewall, 7 by 24, with reporting that makes sense to the customer.
  • SIEM technology. For those in the SMB market, this is somewhat new. In the past, event correlation has been expensive and complicated. However there are some technologies out there that are  now making this possible. Arctic Wolf might be one to check out. Alien Vault also have some compelling technology, however the barrier to entry may be too high for most in the SMB space.
  • Continuous Scanning and Periodic Assessments – in my book, The House & the Cloud, I present the Impact vs. Likelihood Chart. Understanding which threats matter and what their likelihood is, will be essential to getting your client to invest in the right places at the right time.
  • Policy management and compliance. Finally there are some SMB focused tools to help with online policy development and management. Check out The Compliancy Group ad on the sidebar of my blog as one option.  I expect compliance requirements and enforcement to grow in the coming year.

It may be that most of your clients are too small right now to invest in these higher end programs. However, the day is coming when they will need them. Start finding ways to provide this, add it to your line card, and set a goal of closing at least one this year, giving you a case study to use in your marketing.  Showing this level of capability will set you apart from the thousands of other MSPs who say security, but really mean, “Firewall Management”.

© 2016, David Stelzl

********************************************************

If you’ve not read The House & The Cloud – now is the time to read it. This one book can open doors you’ve only dreamed of opening in the past. It will equip you with a message designed for 2016.

$1 HC Book Ad

 

 

 

appleHow Quickly Are You Responding to Your Customer’s Needs…

Time is important. The way you view your customer’s time just might be the most important part of your offering. Three recent interactions over the past week underscore just how important this is.

Apple Has Great Support

I mentioned in a post the other day that my daughter had been contacted online by a fraudster offering support. She called me in before paying the fraudulent charge, but I still went to Apple to make sure we were doing the right thing.  Apple was easy to contact. My daughter’s system is not new. In fact, it’t time to upgrade. But contacting support was easy, fast, and free regardless of the date I made the purchase. Using the online chat software I had my answers in less than 5 minutes, and the instructions on what to do were easy to follow.

American Airlines Calls You Back

My airline travel was down last year due to more online programs – so I lost my chairman status (USAirways). As a chairman member I always got immediate service.  Now that I no longer have the privilege, I have to wait in line like everyone else when calling in with a problem or question.  Last week was my first call into the now merged AA and USAirways company.  While the wait time was over 15 minutes, the automated system did take my cell number and call me back.  This is a great service for support organizations that don’t have to give immediate assistance. Sure enough, about 30 minutes after I placed the call they called back. I was connected immediately without being tied to the phone listening to hold music and marketing announcements. MMS Blog Ad

Quickbooks Makes You Wait

On the other hand, I had a Quickbooks App issue this morning. My first contact was with a woman who didn’t really speak English. Make sure your people speak the language of the people you support. I’m okay with a slight accent – we get that between northern and southern US. Not a problem.  But this was “Broken Engrish”, and very hard to understand.

She must have asked me 3 or 4 times which version I was using. For some reason she didn’t understand me either. When we finally agreed that I was on a Mac using the App, she told me I needed to talk with the online support team. Before placing me on hold she informed me that Quickbooks does not allow the support team to call out.  So waiting was the only option.

18 minutes later I am on the phone with online support. When I told him I had a Mac with an App, he simply said, “You have to uninstall it and reinstall it. We don’t support the App.” When I complained that the first person should have told me that, he insisted that he had told her to tell me that on the phone. I’m sure he did, but for some reason she did not relay the message. He apologized for wasting half an hour of my day and we hung up.

Computer support is critical. Most of us spend the entire day doing something on a computer. If you’re in the managed services business your clients should be support contracts, not T&M, and the support should be nearly instantaneous.  If you support the security side of your client’s business (which is a must these days) your response time is even more important.  The good news is, fast, quality support is worth paying for when you make money using a computer.

© 2015, David Stelzl

virus blueWhy Urgent Issues On Your Security Assessment Report Don’t Sell The Next Step

Have you ever wondered why the client doesn’t jump on the chance to implement your recommendations when you complete an assessment?

One of the most frustrating things in the security business happens when you complete an assessment. It seems like at least 90% of the assessments I’ve been involved in or read the report from, have several urgent issues. Gartner and I both have stated that 80% of the security budget is spent on keeping people out, but in my book, The House & the Cloud, I make it clear that detection-response is the only strategy that works.  Yet, clients rarely implement the recommendations that come from these reports.  They pay to have them done, listen to your findings, and then move on to other things. Why?

What’s Really Urgent? Hint: It’s Not Old Equipment or Missing Patches

I was meeting with the President of a technology  reseller two weeks ago in a 6-Hats Strategy session, going over the assessement process.  This fall he’s signed up to do at least 15 assessments before year-end, but if they don’t convert to managed services contracts, he won’t be happy.  History shows us that only about 15% will convert to more business unless he changes something.MMS Blog Ad

As we went through the 6 Thinking Hats Brainstorming Session, his list included things like missing patches, open ports, and free or non-existant Anti-Virus software. These all sound urgent, but they’re not! Not unless you can tie these issues to something more concrete. For instance, if you’re assessment comes up with no Anti-Virus software (of course most companies today would have something for AV), but there’s no sign of malware, you’re going to have a hard time convincing the CFO or frugal business-owner to spend more money.  Same thing with outdated software or hardware. If there’s no sign of danger, they probably won’t move to remediate.

Assessment Sales Depend On Impact and Likelihood

If you want to sell the next step, you have to take the next step in the assessment process. This is clearly spelled out on page 194 – 199 in The House & The Cloud, 2nd Edition. The next step is looking for the issues that should exist when a company fails to do the right thing.  Symptoms are enough to get a response. You don’t need the deep dive technical  analysis on what a particular botware application is doing. If they have one, it’s bad even if a marketing company put it there. If the marketing company is able to install bots on a network, the bad guys can do it too. Don’t worry about what the bot is, just find it.

If the systems are missing security patches, look for evidence of tampering, foul play, or unauthorized activity.  Keep asking yourself, “So what” for each issue you find, and tie it to a business problem. Find evidence of that problem, and you’ll have justification.  Don’t just say – your port is open. No one cares.

© 2015, David Stelzl

P.S. If you want to sell larger security deals, click the ad above and see if you qualify for a free seat through one of the many hardware vendors who sponsor this training!

Adding Security to Managed IT

Security is the most important part of your managed program.

Last Thursday I spoke to resellers in Atlanta, sponsored by Check Point Software.  This all day event included several important updates for resellers on what to consider in your managed program.  Keeping patches up-to-date and backing up data is important, but just about any reseller can do this.

What Small and Medium Size Businesses are Missing is the Ability to Detect Security Issues  

Following my session, was an excellent overview on how Check Point manages security at the end node. Small businesses are not going to stop their people from using their own phones and tablets for work (BYOD).  So how will these companies stop all the mobile device malware coming out?  This is a perfect role for the future SMB MSSP.  Can your company detect when a mobile device has been compromised? Are you able to help your clients make sure unauthorized users are not connecting to their wireless network? What about monitoring their IPS or correlating their events and providing reporting to show attacks you are blocking?  It’s all about intelligence. Helping small businesses (the businesses most targeted by today’s hackers) detect when someone is trying to access their data, and then responding to stop it.

It’s Not Just Technology – Marketing Science I Needed

In my session I showed how resellers should market and sell this. Not all business owners immediately see the need. As an example, the event I did last week in Richmond had over 30 attendees – every attendee (with the exception on one person who left early) signed up for an assessment provided by the hosting reseller. But I can tell you, not all of these attendees thought they had a need when we started the meeting. It was only after they heard the message.

This is the place to start.  These attendees where business level people, interested in keeping their businesses safe and growing. Assuming they are pretty safe, their focus is on profit and growth.

They may not all need more security, but the assessment process we are using is designed to uncover urgent issues such as compromised end nodes. If we don’t find problems, they should just keep checking. But we almost always do.

I spoke with one reseller yesterday who performs several assessments every month. While just about every assessment shows urgent issues, his assessment-to-project conversion is only about 15% (Which is average for our industry). Something is wrong here. If all of the assessments reveal urgent issues, why is the conversion rate so low?  It’s the assessment process. It’s designed to uncover vulnerabilities, but not designed to convert clients.

In my session I reviewed how to move business people from thinking they are fine, to understanding the truth about security. From there, we talked about how to assess and convert, to help businesses take the right actions to keep their data secure. Once things are under control, the MSSP offering should be designed to maintain an acceptable level of risk.

Providing this to your customers will make you one of their most important strategic partners.

© 2015, David Stelzl

P.S. if you’re interested in selling more security, consider the Security Sales Mastery Program – contact us to see if your company is eligible for training sponsored by Check Point Software, or one of several other well known security manufacturers.