Cybersecurity Awareness Month is the perfect time to review and upgrade client systems and reassure them that their data is safe.
October is Cybersecurity Awareness Month, a perfect time to audit and upgrade your security practices, and if you offer managed IT services, talk to your clients about doing the same. Any office technology dealer working in the managed IT space already should help clients maintain the integrity of their systems and have the kind of collaborative, consultative relationship that makes those conversations possible. We spoke with Pat Jamison, a senior account executive focusing on cybersecurity at ConnectWise, to get his perspective on how dealers can best address cybersecurity issues with their customers during Cybersecurity Awareness Month and all year round.
“October falls toward the end of the year, so it’s a great opportunity to reflect on the landscape of cybersecurity, reinforcing the awareness of what dealers need to do to finish out their year and go into next year,” observed Jamison.
While some companies will always opt to keep their cybersecurity in-house or contract with specialized vendors who only provide security services, Jamison has seen the advantages dealers have in growing into that space with their clients.
“First and foremost, they have a captive audience to work with because of the relationships they’ve built,” said Jamison. While copiers and other hardware offerings are typically the core of the dealer’s relationship with clients, the important thing is the existing relationship. “What they really have is people willing to pick up the phone and actually listen,” added Jamison.
He frequently sees dealers who are successful in their hardware business and have branched out into managed IT services but are apprehensive about taking on the challenges and risks of cybersecurity. His advice? Don’t be intimidated.
“You don’t have to be the best practice immediately, but you have to at least start,” he said. “Things like education around the evolving cyber threats, protecting their personal and sensitive data. It boils down to getting started. Keep it simple and focus on the biggest part of the organizational network that tends to be most exploited. It’s usually the people.”
Endpoint security is a great place to start, including training on security best practices, avoiding threats, and recognizing phishing attempts. Help clients protect their most vulnerable attack surfaces, such as email, laptops, and, perhaps surprisingly, copiers and printers.
“Dealers have to start understanding that they are in a little bit of a unique scenario because one area that has seen a significant uptick in exploits has been through the copiers,” noted Jamison. He advises setting up a service similar to ConnectWise’s partnership with Sharp, Security Information Management (SIM), which helps monitor endpoint machines with expertise dealers may not have access to locally.
“Start with making sure that the event logs are sent to somewhere like ConnectWise, where we can collect the logs, send them to our security operation center, make sure that those things are analyzed, and if there are any alerts, then they can be sent to those individuals and say, ‘Hey, we’ve got an issue here with your copier,’” said Jamison. The important thing is not to assume any machine, even one set up at a smaller office or used infrequently, is safe. “If it can reach the internet, it can be exploited,” emphasized Jamison.
“A lot of organizations think, ‘It’s not going to happen to me, I’m too small,’ or whatever the excuse is as to why they shouldn’t make a commitment to security, but it is a load to handle,” Jamison added. “Cybersecurity is not something that we can ever skimp on anymore.”
Even staying on top of the news about cybersecurity threats won’t give someone the whole picture because many of the most significant attacks, in terms of the size of the company, the number of machines affected, and the financial damage incurred, are kept secret, partly for client confidentiality and partly to avoid encouraging future hackers with stories of hefty ransoms. The scale of the security work that must be done to protect against cyber threats can prove dizzying, which is all the more reason why clients turn to experts for help. The important thing to remember is that a dealer doesn’t need to handle all of that alone.
“The dealer channel has a relationship with some customers such that they could go from leveraging security at one level to a very high level very quickly if they commit to it,” said Jamison. “But they don’t want to do that because they simply don’t have the manpower to watch things 24/7. We can supplement that for them; in essence, our team becomes theirs. When they’re overwhelmed and need more support, we can get them where they want to go.”
Client buy-in is essential. Even the best cybersecurity system can’t work to protect against threats if the end user isn’t on board. Dealers can use their people skills and the relationships they’ve built, sometimes over decades, to solve the human side of the equation.
“Look, I get it,” Jamison said. “It’s not fun to deal with a more complicated password every six weeks or two months or whatever the cadence is you’re working with. But those that take the more relaxed approach to it, they’re the ones that ultimately find themselves in some type of an incident, whether public or not.”
If a client were starting from scratch with cybersecurity, Jamison would advise them to hit a few key points at a bare minimum. For example, 24/7 endpoint coverage on laptops, desktops, servers, copiers, printers, and phones, and as an essential step, putting a good patch and update policy in place for every machine.
“Outdated software can often contain vulnerabilities that cyber criminals can exploit,” said Jamison. “The stats are so overwhelming that they’re going to have an incident at some point.”
Beyond that, it’s crucial to figure out how to build an incident response process as fast as possible. “When things go bad, time is really of the essence, and for the customer, a minute feels like a day,” he said. Once a cyber threat hits, damage is already done. It’s simply a question of the scale of the damage, which comes down to how well systems are protected internally. In a cyberattack scenario, “The fire is already started,” said Jamison. “We can put the fire out, but it’s really hard to put the house back together if we don’t have a lot of these things in place on the front side.”
The good news is that clients are more informed and ready to invest in security than ever. “My grandmother, who was 94, knew what ransomware was,” said Jamison. “It’s out there in the public consciousness. These discussions today are not as difficult as they were a few years ago because now they know that ultimately they have to commit to doing better around cybersecurity at the end of the day.”
The hardest truth about cybersecurity is also what will keep dealers comfortable in the security business for years: Hackers never stop trying new tricks. “If you put up a ten-foot wall, hackers will find an eleven-foot ladder,” Jamison joked. “But if you leverage partners like ConnectWise it really does become a win-win.”
