Ransomware is one of the worst cyber-incidents to hit any corporation, including dental offices. You might think that your office is too small to be a victim, but any dental business with a connection to the internet could be the next target for ransomware criminals. Without the right security and infrastructure in place, your data is gone and can only be recovered using backups. If you don’t have backups, the data could be lost forever. To avoid being a ransomware target, you can follow some basic security measures. Before you create a security strategy, it helps to know what happens during a ransomware attack from the point of download to the malware’s payload and what happens afterward. This article goes over the general experience you’ll encounter for most ransomware attacks. Phishing as the Initial Vector Most ransomware attacks start with a phishing email. Usually, these email messages don’t target dental offices only. They target small businesses in general. Cyber-criminals are aware that most small offices don’t have the resources to detect and block phishing emails. Small businesses rely on users detecting phishing emails, or they don’t even realize that they are a primary target. Want to reduce downtime and make IT predictable? Take Dental Office IT Readiness Assessment Test for Free Take Dental Office IT Readiness Assessment Test Phishing emails usually contain a malicious attachment, or they might have a link to a site hosting malicious executable files. If it’s the former, the attachment might be a script used to download the malware executable. Malicious attachments can also be Microsoft Office documents with malicious macros. As an aside, Microsoft has a setting for Office to ask permission before executing macros instead of automatically running them. Asking permission to run macros reduces the risk of being a victim of ransomware. Links point to an attacker-controlled server hosting ransomware executables. After the user clicks the link, the browser opens a page telling the user to download software. The method of convincing the user to download ransomware varies, but the message gives the user a sense of urgency to convince people to avoid the realization that it could be a scam. Ways to avoid this step in a ransomware attack: Ransomware Download and Payload With a successful phishing email out of the way, the attacker convinces the user to run a ransomware executable. If the email message had a malicious attachment, the script downloads and runs the ransomware executable. Zero-day ransomware won’t be detected by antivirus software, but you could be lucky enough to have the right antivirus in place to avoid being a victim. Every ransomware author has their own strategy to bypass detection. The ransomware application might replicate itself across the network, but usually it immediately releases a payload. The payload for ransomware is encrypting all important files. Most ransomware targets the typical Office documents, database files, and images of dental clinics. Every version of ransomware has its own long list of file extensions to find and encrypt. Encryption is irreversible unless you have the key. Older ransomware encrypted using a symmetric key, but it exposed the key when it stored the key in a local file. To hide the symmetric key, attackers now use asymmetric encryption to hide it. Symmetric encryption uses a single key to encrypt and decrypt files. The key is then encrypted using an asymmetric public key, which can then only be decrypted using the attacker’s private key held on the attacker’s server. The process of symmetric and asymmetric encryption in ransomware is complicated. Just know that the hybrid encryption strategy stops cybersecurity professionals from reverse engineering ransomware procedures to stop it from holding files hostage. The two-way encryption strategy also hides the decryption key from researchers so that the ransomware cannot be neutralized after the initial payload. At this point, all your files are unavailable. You might notice that software no longer works, and office staff can’t open files. A message displays telling users that they need to pay a ransom to access files. Most ransomware attacks make the amount affordable so that businesses can make the payment to get files back. Ransoms can range from a few hundred dollars to several million, but attackers determine the amount using business size and research into financials. To avoid this step in a ransomware attack: Recovering from Ransomware Even with backups, ransomware can interrupt normal productivity and has been known to force businesses offline until recovery can be done. You’ll notice that files across the network and on computing devices are encrypted. Server files are encrypted, so applications, email services, internal software, and databases might not work properly. Law enforcement advises businesses to avoid paying attackers, because it encourages them to continue with their illegal activity. Unfortunately, most businesses feel like they have no choice but to pay the ransom. Most businesses pay the ransom to obtain their data, but it’s not guaranteed that you’ll get the key to decrypt files. Ransomware might have bugs affecting the decryption process, or businesses pay and the ransomware owner never sends the key. Businesses gamble when they pay the ransom, and some ransomware is coded to never decrypt files. A more guaranteed way to recover without paying a ransom is to recover with backups. Backups are a part of disaster recovery, and they should be stored in a secure location where ransomware cannot encrypt these files too. Recovery still takes time, so the business will suffer from downtime while recovery is ongoing. How to avoid this step in ransomware: Help with Ransomware Configuring your network and installing monitoring software takes professional experience. If you don’t install and configure these applications properly, you can have a false sense of security. You also need someone to review disaster recovery and set up backup procedures. Corporate Technologies can help you avoid being the next ransomware victim. Contact us today to see what we can do for you. Check Out Our Whitepaper: HIPAA Compliance Checklist for Dental Offices: What You Must Know FAQs
Churches are notorious for having weekly events, and Wi-Fi is necessary for any digital interaction at these large gatherings. Whether it’s for broadcasting live events or providing connectivity for attendees, Wi-Fi is an easy way to connect to the internet. With its convenience, Wi-Fi comes with its own list of vulnerabilities, so it should also be secured. If you are planning a church event in the near future, here are some design and security tips for Wi-Fi installations. Use a Firewall to Separate Business Traffic from Attendee Traffic A firewall controls traffic that flows in and out of your Wi-Fi network. For example, if you have a connection to the internet for church staff, you have a firewall that protects your internal business network from anyone on the public internet. Church staff can access the internet via outgoing traffic, but incoming traffic is blocked. The same design should be done for an event Wi-Fi network, especially if you also offer free Wi-Fi to event goers. The two networks should be separated using a firewall. Public Wi-Fi access from attendees should be on one network, and then the internal network used for the event should be another network. Allowing public and business traffic to intermingle opens the church to data eavesdropping and man-in-the-middle (MitM) attacks. Most Wi-Fi routers allow you to segment networks, but it might be convenient to add two Wi-Fi routers, one with a password for the event and a second one for public access. This strategy keeps both networks separate without having much knowledge into properly configure a firewall. Both Wi-Fi routers connect to the outgoing ISP router, so make sure your ISP account has enough bandwidth to handle both traffic sources. Install Antennas and Repeaters In large events, you might need antennas or repeaters to amplify Wi-Fi signals. A Wi-Fi router receives signals when a device is in close proximity to the router, and you might have a Wi-Fi router behind walls or away from the central ISP connection. Every wall cuts your Wi-Fi signal in half, so you need repeaters or amplification of a signal especially in large gatherings where Wi-Fi connectors might be spaced apart. An antenna allows users to be further away from the Wi-Fi router and still receive a decent signal. Antennas are also useful when you have event equipment that needs to access the internet at further distances. For example, when you have an event for a large group of people, you often have attendees several feet away from Wi-Fi equipment. Antennas and repeaters placed in strategic places will ensure that everything and everyone, including event equipment have access to a strong signal to the internet. Configure Strong Passwords for Wi-Fi Access If you keep public Wi-Fi networks separated from business networks, you can leave the public Wi-Fi passwordless or configure a password and publish it during the event. Remember that no password Wi-Fi leaves it open to anyone within range, so most businesses add a simple password. Only attendees inside the event can get access to the password. This strategy reduces any unwanted connections from people leaching free Wi-Fi during your event. For business Wi-Fi, a strong WPA3 password should be configured. Give this password to event coordinators, employees, and other church staff. For an event, you might use a different Wi-Fi hotspot specific to the event to avoid data breaches or issues from short-term contractors. This caveat might depend on the location of the event. If your event is at the church, you might need additional security for third-party contractors helping with the event. Be aware that older equipment might be incompatible with the latest WPA3 security. If your equipment was made within the last 10 years, you should be safe. For example, iPhones older than version 7 are not compatible with WPA3. Most people have newer iPhones, but it’s possible that someone still sticks with older technology. Just be aware of this limitation in case anyone tells you that they cannot connect to the WPA3-enabled Wi-Fi router. Set Up Filters and Monitoring for Public Wi-Fi If anyone uses your public Wi-Fi for illegal activity, your church is on the hook. The outgoing internet router IP address is tied to every user on your network. To avoid being used for illegal activity, use filters to block websites. Filters have out-of-the-box solutions for blocking known phishing and malware domains and any domain hosting illegal content. Web filtering solutions have a list of domains that you can blacklist, but you can also blacklist based on topic or industry. You might not want public users taking bandwidth for streaming, so you can block these domains during your events. Most filtering solutions come with logging options, so you can see if any users are using the church network for inappropriate reasons. Blocking domains also benefits the safety of users. They might not know a domain is flagged as a phishing portal, so web content filters support the data safety and privacy of guests and church staff. Monitoring guest network traffic also stops attacks before they can interfere with the event. Attackers might use the event public Wi-Fi to download malware, engage in attacks on other servers, or attempt to interrupt operations. Filtering and monitoring help stop these activities. Help with IT and Monitoring If you don’t have a dedicated IT team to support a church event, it might be time to ask for help from professionals experienced in network design and security. Corporate Technologies is a dedicated managed service provider with professionals and pricing plans to support church events where technology is a primary part of operations. Our staff can help design the right solution, set up the technology to help the event run smoothly, and offer support in case of technical issues. Event network design and security done right the first time will ensure that your church gatherings are successful with no technical issues to interfere with activities. To find out how Corporate Technologies can help your church, contact us today. FAQs
Digitizing your healthcare documents reduces so much physical paperwork, but it also adds cybersecurity risks and additional IT maintenance to your business. Downtime, stolen data, and data corruption are three risks healthcare businesses face, especially if they don’t stay fully compliant with HIPAA regulations. To avoid these issues and more, managed IT for dental practices can free up staff time, reduce risks of data corruption and loss, and secure the network environment in case of a disaster. If you own a small dental practice, you might take care of small IT tasks, but eventually you need help, especially when you need to ensure that your infrastructure follows HIPAA guidelines. HIPAA violations can add up to millions after a data breach, so we put together a list of ways a managed service provider can help keep your business compliant and keep data safe from attackers. Backups and Disaster Recovery Let’s say that you store your imaging files on a central computer so that everyone on staff can access patient documents. Data on this central server must be backed up in a safe location or you could lose your files forever. When healthcare providers lose patient data, it can be disastrous for business continuity. Having backups of patient files is also a requirement for HIPAA regulations. A managed service provider will assess your IT infrastructure and propose a good backup plan. Backup plans incorporate the number of file changes done throughout the day and determine how much loss you can experience without going bankrupt. Your backup plan might be daily, hourly, or more frequently. With your risk tolerance defined, managed IT professionals determine where to store backups and the frequency of data backups. Most professionals use cloud storage, where additional space and scaling can be done dynamically. Cloud storage also ensures that data is safe even in the event of a fire or physical theft. With disaster recovery, you have peace of mind that patient data can be restored and bring your business back to productivity within a reasonable amount of time. User Onboarding and Account Setup When a dental practice hires a new user, the user needs an account, a workstation, and access to necessary business applications. If a few new people join the team, it can be a lot of prep work for someone managing IT themselves. A Dental IT service provider takes care of onboarding for every new user, including deployment of workstations and mobile device applications. Documentation for onboarding and offboarding is necessary. Most people know that onboarding is necessary but forget the offboarding process. Without offboarding, ex-employee user accounts stay active, which creates a cybersecurity risk. User accounts must be deactivated and data transferred to another staff member to continue productivity. An IT provider handles this activity as well. In addition to user account activation and deactivation, IT professionals can give you HIPAA compliant application suggestions when your current infrastructure isn’t enough. Suppose that you have productivity issues due to the way documents are digitally stored. A dental office can speed up productivity with a few changes to its current application workflow, especially if they work with hybrid environments in the cloud. Help Desk Services and Onsite Help Users need to ask questions about their workstations, applications, or bugs in the system. Managed IT professionals at a 24/7 help desk assist dental staff with minor questions related to their work and even have on-site staff to help with bigger issues. Help desk services can assist your staff with various issues remotely and give them someone to call instead of interfering with local staff productivity. Not every managed IT provider offers a 24/7 help desk. It’s important to check your contract and ask questions. Also, on-site help is often needed throughout the year. Your contract should have a flat rate for on-site help with a service level agreement (SLA). SLAs give you the amount of time that you can expect a response and resolution for each IT item. SLAs are based on priority, so you get the fastest response for issues that interfere with day-to-day business productivity. Be careful of contracts that charge an hourly rate for on-site help in addition to monthly IT expenses. Without onsite support included with flat-rate payments, IT costs can balloon to unexpected amounts when a critical issue brings down infrastructure. Providers like Corporate Technologies include on-site support with their Total Advantage pricing plan. Monitoring and IT Management Even a small network needs day-to-day management. For example, software and firmware need upgrades often to patch security issues and bugs. An IT management professional monitors your environment for these updates and applies them. Patching is done in the background without affecting your user productivity or business operations. Many of today’s current data breaches come from unpatched infrastructure, so it’s important to keep up with updates. For example, an outdated IoT device could lead to your network becoming a part of a botnet. A botnet is the component behind a distributed denial-of-service (DDoS). Not only would your network be responsible for taking down another corporate business, but a DDoS from your network exhausts your business bandwidth, affecting productivity, digital downloads and uploads, and any payments. Where to Get Dental Practices IT Help If your office is overwhelmed with IT issues and needs help, a managed service provider is an affordable solution. Instead of hiring full-time staff, an MSP offers a complete team of IT professionals at a per-user flat-rate cost. The 24/7 help desk is also an option if your dental practice has people working remotely or during off-peak hours. Corporate Technologies has several offices across the country, and they offer service plans to fit your dental practice’s IT budget. Call us today and talk to one of our professionals to find out how we can help your dental practice. FAQs
Church donations are often done anonymously, but donor information is often stored on church networks, making it available to staff. Unfortunately, when private data is stored on a network, poor security might accidentally disclose private data to cyber-criminals. No business is an exception for hackers, so your church should make cybersecurity a priority. Let’s use a common data breach scenario. You have donor and member information stored on a central server. You don’t have many staff members, but everyone has access to the database that stores user information. One staff member falls for a phishing email and downloads malware. Using your staff member’s access controls, malware now has access to private data. In many cases, the database data is then uploaded to a third-party server. Worst case scenario: the data is encrypted in a ransomware attack and you must make donors and members aware that their data is now in the hands of cyber-criminals. You don’t need to be a cybersecurity expert to put a few access controls and safety nets in place. Church staff should be educated in the many phishing campaigns on the internet, but cybersecurity controls are also important for data protection. The next sections highlight a few ways you can make user data protection a priority and add access controls to your storage. Follow the “Least Privilege” Rule It can be tempting to give staff members unfettered access to all internal data and applications. Convenience often comes at the price of security. Your staff is the most vulnerable to phishing and cyber-threats. You can’t completely stop a cyber-attack using least privilege, but you can mitigate and limit cybersecurity risks. The rule of “least privilege” says that users should be given access to only the data needed to perform their job functions. Should the user accidentally download malware, the malware would only have access to the same data as the user’s authorized access in most cases. Not only does following the rule of least privilege limit data theft, but it also limits loss from corruption or deletion. Least privilege also helps with insider threats. Whether it’s intentional or unintentional, insiders can steal data, bring it home, or send it to a third party. Limiting what staff members can access removes the threat of entire databases and applications being compromised. Some of the biggest data threats start with compromising an unsuspecting user. Add Monitoring Controls You don’t know unauthorized access is granted unless you have monitoring tools and logging in place. If your data is stored in the cloud, cloud providers have their own monitoring tools. Cloud provider monitoring also includes logging any access requests, including access denied and granted actions. These activities can give you insight to any nefarious network activity. Most operating systems will log activity on local servers. You need third-party applications to set up decent monitoring and alerts. Setting up logging and monitoring might be too technical for internal staff, so you can turn to a managed service provider (MSP) to help you with the setup. Any good monitoring tool has an alerts and notification system. Notifications go out to a set individual when suspicious activity is detected. Configuring these tools can also require someone who understands how they work. A wrong configuration could leave you with a false sense of security. A managed service provider can help with monitoring setup too. Set Up a Firewall for Public Wi-Fi Churches aren’t subject to HIPAA, but HIPAA’s requirements for public Wi-Fi on a corporate healthcare network are beneficial for any business, including churches. It’s common for churches to have public Wi-Fi hotspots, but these public networks should be separated using a firewall. Staff should never use the public Wi-Fi with their workstations, so staff and public network data are always separated. To separate the two networks, install a firewall. The firewall uses access control lists to determine if a public Wi-Fi user should have access to internal church data. Users on public Wi-Fi should never be allowed to traverse to internal network systems, so the Wi-Fi firewall should have simple rules to block all incoming traffic. Understandably, configuring access control lists and installing a firewall might be beyond your staff’s technical expertise. Another option is using cloud providers to store public data, but you still need the infrastructure to protect data. Managed service providers can help you install and configure firewalls. Install Security Updates Unless you have a full-time staff member monitoring the latest threats and vulnerabilities, you won’t know when any of your applications need a security update. Firmware updates for routers and other hardware are also important. Some updates patch critical vulnerabilities that could give outsiders access to your private church data. Patch management doesn’t need to be a full-time job, but it requires commitment to monitoring for updates and understanding the threat landscape. Instead of having a staff member manage updates, a managed service provider can push updates remotely or offer onsite support for IT. Not every service provider offers onsite support, so make sure you check your contract if you need a technical present at your office to manage network infrastructure. Miscellaneous Cybersecurity Considerations The above sections cover some critical components of a secure network, but here are a few more miscellaneous items that you should consider for cybersecurity: Get Help with Church Data Protection If cybersecurity management is beyond your skill expertise, a managed service provider can help. MSPs like Corporate Technologies have full-time staff, onsite support, a 24/7 help desk for staff questions, and at a low-cost per-user flat rate. Contact us today to see what Corporate Technologies can do to protect your data. FAQs
Every small business is a target for hackers. You might think that the few dozen customers you store on your network aren’t worth a hacker’s time, but those customers are worth much more than you know. Usually, hackers breach multiple environments, including small business networks, and sell the collected data on darknet markets. Your customer data is a valuable addition to their revenue. You don’t need to be a cybersecurity expert to deploy good monitoring tools and create habits that protect your customer and their data. Protecting client data and avoiding a data breach are also beneficial to your brand. A single data breach can damage customer loyalty and trust, so you should make cybersecurity and data protection a priority for your business too. Most small business owners don’t have the budget for a full-time IT person let alone a full-time dedicated cybersecurity staff member. You don’t need full-time staff to add monitoring and data protection to your environment. Here are a few ways you can monitor your network without being an IT expert. Review Your Router Dashboard If you have a personal router connected to your network, it likely has a web-based interface that gives you information about your network. On small networks, the router has an IP address in the same subnet as your own computer. In many cases, the router is your default gateway. Type the router IP address (something like 192.168.0.1) into a web browser, and you’ll be prompted to authenticate. Every router has its own dashboard, and more expensive routers will have activity logs and firewall features. Once you gain access to the router’s dashboard, you can view connected devices, bandwidth usage, and audit logs if you have them enabled. If you don’t have logging features enabled, enable them for future monitoring. Disconnect any strange devices, especially if the router is also a Wi-Fi hotspot. If you have strange devices connected, it might be time to change the Wi-Fi password. Remember that any changes to Wi-Fi will disconnect other devices, which means that you should change the password during off-peak hours. Use a Network Scanner to Identify Connected Devices Reviewing a router’s dashboard is useful for finding devices connected to that particular router, but what if you have several routers or don’t have any personal routers on your network? Another option is to use a network scanner. Traditionally, the network scanner-of-choice for all administrators is nmap. Nmap can be used on Linux and the Windows command-line interface. Other more user-friendly scanners are available for download, but nmap has been around for decades and can be trusted not to host hidden malware. Nmap will give you a list of all connected devices with an IP address so that you can take an inventory of infrastructure. Any strange connections should be further reviewed. If nmap seems a bit too complicated, find a trusted graphical interface. Chances are the graphical interface uses nmap in the background, but it will make reviewing connected devices more intuitive for someone unfamiliar with a command-line tool. Separate Business and Personal Networks When you work from home, it’s not unusual to mix business with personal devices. Mixing the two makes monitoring more difficult, especially when you have guests. Add IoT and security cameras to the mix, and now you have devices that you don’t control on your network. For better monitoring, you set up separate Wi-Fi hotspots for each section of your network including personal, work, and security cameras. You can still run scanners to identify any strange connections, but now you have a better idea of the types of devices that should be connected to each router. You can also be much more strict about your work network compared to your home network. Guests can connect to your home Wi-Fi instead of your work Wi-Fi where you keep customer data. Use Cloud Provider Monitoring Software Whether you use AWS, Azure, Google Cloud, or another cloud provider, the system has cybersecurity tools specifically designed for monitoring your network. Auditing, logging, and monitoring are all available to you as a cloud provider customer. Monitoring tools come at a cost, so they must be enabled when you set up your environment. Cloud-based tools don’t monitor your local network. Keep that in mind when you set up a monitoring plan. You will need tools for any local servers, mobile devices, and workstations. Cloud monitoring tools cover resources in the provider’s environment, which includes storage, virtual machines, databases, and cloud-based infrastructure. Review Antivirus Warnings and Logs Every mobile device and workstation should have antivirus software running on it. Antivirus applications display warnings to users, but they also keep a log of issues. Some issues are critical, like downloading malware that could destroy customer data. Other issues are warnings, like installing software with no signature. Enterprise versions of antivirus software have a central place to review notifications, but enterprise versions cost a lot of money. Periodically review antivirus software running on each machine to ensure that malware isn’t stored on the network. An executable on the network is an idle threat waiting for a user to run malware on the environment. If your antivirus software can scan the network, even better. A good antivirus will detect malicious files on network storage and servers. Servers should also have antivirus software installed. Cyber-threats target servers for their invaluable data. A good eavesdropping application can retrieve user account information, device information, and data stored on the server. Email servers are especially good targets, because email is often stored in cleartext. Review antivirus notifications for these machines to identify malicious software. As an aside, most server operating systems also have event logs. Use these event logs to identify strange authentication attempts. For example, a threat might attempt to access the server with hacked user accounts. If you see multiple authentication attempts late at night when no one is in the office, you might have a hidden threat on the network. When Monitoring Becomes Too Much Work At some point in time,
Finding the right managed service provider (MSP) is a huge undertaking and often a confusing process for small businesses that need help. If you’re a small business owner, you probably know that you need IT support but don’t know where to start. Searching for MSPs gives you several results. The breakdown in this article gives you a list of pros and cons between Corporate Technologies and Miles IT to help you make the best decision. Comparison Table for Provider Plans and Services At first glance, you might think that every MSP offers the same benefits, similar pricing, and 24/7 service. After checking further details, you’ll see that Corporate Technologies and Miles IT have differences that might affect your decision. The following table details similarities and differences between the two MSPs. Feature Corporate Technologies (CT) Miles IT Support Availability 24/7 including after-hours, weekends, emergency support 24/7 support help desk On-Site Support Included in Total Advantage® (unlimited) Unlimited onsite support with MAP plan US Locations Several locations across the US Several locations across the US Pricing Model Transparent per-user; no overage fees in higher tiers Monthly payment plans Cybersecurity Stack Secure Advantage™—advanced multi-layer security Remote support and incident response SLA Transparency SLA: Average Call ResponseTime: 73s Under an hour response time Money-Back Guarantee 60-day money-back guarantee None publicly listed The two stand-out differences between Corporate Technologies and Miles IT are the SLA response times and moneyback guarantee. More details about minor differences and the service offers important to small businesses are described in the next sections. Breakdown of Corporate Technologies and Miles IT by Business Size Both companies have offices across the United States, some in multiple cities in a single state to cover regional areas. You might not think you need a national or regional presence from a managed service provider, but it’s important if you ever scale to multiple locations, move offices, or have remote workers. Help desk support is often online, but you need an MSP with an office in your area for on-site IT support. Corporate Technologies has operates across 20 markets in the US. Comparison of Support and Service Models At first glance, both Corporate Technologies and Miles IT have the same services, but they have slight differences. They both have a 24/7 help desk, so you get support no matter the time of the day, weekend, or holidays. For businesses that must operate during off-peak hours, you get support. This means any night shift workers also have a place to call for IT support. Onsite support is optional, depending on the pricing plan that you choose, but Corporate Technologies offers unlimited support with its per-user monthly Total Advantage plan. Miles IT offers a response time in under an hour, but Corporate Technologies has SLAs with a faster response time depending on priority of the issue. You might need faster response times when a critical issue halts productivity. Pricing Comparison Between Corporate Technologies and Miles IT When you shop for IT support pricing, be careful with limited plans. Limited pricing plans have hidden fees. Hidden fees can skyrocket when you have an emergency and must pay by the hour to get support outside of your contract agreements. Check the SLAs and services you get before you sign the contract. Corporate Technologies maintains transparency in their pricing model. Small businesses can expect to pay a per-user monthly fee for IT services. Each pricing plan has its own additional services with Total Advantage offering unlimited onsite support. Miles IT does not publicly display its pricing structure, but it does have a MAP (Miles Assurance Plan) that offers unlimited onsite support too. Cybersecurity Services Comparison Your small business is constantly under attack from cyber-criminals, whether you realize it or not. Proactive cybersecurity detects and eradicates threats, but sometimes small businesses need help with setup, incident response, and disaster recovery. Corporate Technologies has a wide range of cybersecurity services for clients. Here are a few important ones: Miles IT also has cybersecurity service. Here are a few that stand out: Regional Onsite Support Miles IT and Corporate Technologies offer onsite support. Before you decide on a managed service provider, check service level agreements (SLAs). The SLA tells you how quickly the MSP responds to your IT support requests. An hour versus a half hour can mean the difference between happy and unhappy customers. Corporate Technologies has several regional offices across the US. Proximity to your MSP office locations also determines cost and responsiveness. An office a couple hours away from your location will extend response times when you need support onsite. Corporate Technologies 60-Day Money-Back Guarantee A standout difference between Corporate Technologies and Miles IT is the 60-day money-back guarantee from Corporate Technologies. The money-back guarantee reduces risks for small businesses unsure if a managed service provider is right for their IT support. Check out Corporate Technologies customer service, help desk options, and onsite support without monetary commitments for the first 60 days. When Corporate Technologies is the Better Fit Several similarities between Miles IT and Corporate Technologies might have you thinking they are the same service, but a few benefits stand out. If you need someone in a regional location close to your office, check out Corporate Technologies locations. If you are unsure of MSP benefits for your small business, take advantage of Corporate Technologies 60-day money-back guarantee. Contact us today to see what we can do for your small business. You may also like Largest Managed IT Service Providers FAQs
When your current IT staff is overloaded with work, you can either hire additional internal staff or collaborate with a managed service provider (MSP). It’s a tough decision for small business owners, because leaning into external help often seems expensive. MSPs offer a wider range of services that internal staff can’t always manage alone. If your internal staff feels like they can no longer manage IT infrastructure, adding an external source often brings benefits to alleviate overhead without adding enormous costs. What “Internal IT” Really Means in Small Businesses Usually, a really small business starts off with one person supporting a few employees. This person isn’t dedicated to IT, but knows enough to support a couple of workstations. As the business grows, a dedicated IT staff member is added. This staff member often wears many hats, meaning the IT person deals with security, onboarding employees, managing updates and additional hardware, configuring cloud resources, offboarding employees, and numerous other responsibilities. Internal IT understands your local environment much better than anyone. They also offer hands-on advice and know employee troubles from personal experience. In-house IT staff have a lot to offer around the office, but they don’t have unlimited time and experience. For example, what happens when you have a ransomware attack? You need someone with specialized knowledge to tackle this type of cybersecurity issue, or your office could suffer from a recurring incident when the threat is not eradicated from your network. What Managed IT Actually Is (and Isn’t) Think of managed IT as an extension of onsite IT staff. When IT staff go home for the day or it’s the middle of the night, your managed service provider has IT staff working 24/7 every day of the week. They have multiple staff members available to respond to any incident day or night. When your IT staff has other priorities, managed IT takes over for patches, updates, and compliance. Small businesses might think of managed IT as a call center, but providers like Corporate Technologies offer onsite help with certain plans. Local IT offices provide professionals with varied experience. Each group of professionals has their own specialized experience, so your small business gets help that matches your specific IT issue. Managed IT is more than just a call center. They are full coverage for any IT issue and solution, so they enhance your current IT support. Cost Comparison: Internal IT vs. Managed IT Managed IT providers always market with cost-savings benefits. Not every MSP has a flat-rate cost with predictable pricing. Pricing plans range in cost depending on what you need. Corporate Technologies is one of the only local MSPs offering a 60-day moneyback guarantee so that you can try out managed IT before making a long-term commitment. Costs for managed IT are usually per user. You pay a flat per-user price ranging from $35/user to $80/user. Compare this cost to an internal IT staff member. You need to pay a yearly salary based on your local market along with benefits, payroll taxes, time-off, and licenses. IT staff also need training year-to-year to keep up with the latest technology that affects your business. Capability Comparison Local IT staff know your environment well, but sooner or later they need help. Having a collaborative managed IT team gives internal staff help when it’s needed. Professionals for an MSP have their own personal experience and training, so they often have an area of expertise that your local internal IT staff can’t offer. Here is a breakdown of where managed IT can be useful: Internal IT Managed IT 24/7 Helpdesk Onsite during business hours Coverage 24/7/365 Security monitoring Often missing or unaware that it’s needed Monitoring policies and software are part of the contract Backup testing Usually perform backups but don’t have a policy for testing Testing of backups to ensure they aren’t corrupted Compliance Need training to know compliance requirements Staff has specific training for various compliance regulations After-hours incidents Slower response if on-call overnight Overnight staff available during nights and weekends Project execution Needs guidance for new infrastructure rollouts Project managers and experienced staff offer deployments of new tech Documentation andReporting Varies depending on corporate requirements Part of procedures after incident response and detection. Documents deployments and upgrades As you can see, managed IT has a broader depth of experience to offer. For example, most small business IT staff don’t have the experience and tools to work with sophisticated cybersecurity events. They also don’t have the training to deal with compliance-specific requirements. This isn’t to say they aren’t necessary in day-to-day operations, but they need help with issues outside of their expertise. Co-Managed IT: When Internal IT and Managed IT Work Best The best solution is to combine internal IT with a managed service provider. Internal IT takes ownership of strategies and what works best for your small business. They can direct MSPs and collaborate on ideas and what’s best for business productivity. Managed IT will often take the lead on security, patch management, backup testing, and disaster recovery. When IT is in emergency mode, that’s when your business will see the best managed IT benefits. In addition to IT benefits, the business saves on headcount costs while still enabling business scalability and continuity. For businesses under compliance regulations (and most have at least one regulation they must follow!), managed IT offers guidance on best practices. Monitoring tools eliminate alert fatigue often seen by internal IT overseeing a myriad of issues. Managed IT compliance documentation, policy guidance, and infrastructure deployments save on hefty fines for violations. In some scenarios, fully managed IT makes more sense. If your small business has no current IT staff or someone who does IT on the side, it might be time to engage with a service provider. Your business gets the power of a full IT team without the costly salaries and real estate. No more turnover, office management of IT, or pressure to deal with IT issues. Which Model Fits Your Business? Small businesses need an
For small businesses that need support across the US, you need a managed service provider (MSP) with national coverage. You have several to choose from: Corporate Technologies, Thrive, Ntiva, Marco Technologies, and Electric, but which one is right for your business? Thrive, Ntiva, Marco Technologies, and Electric have centralized service, which might seem appealing until you need localized support. Corporate Technologies differs from its competitors by offering regionally staffed local support across 18 US locations and 20 US markets. This comparison guide for SMBs breaks down how service delivery, response times, pricing, and onsite support make Corporate Technologies stand out against the competition. Category Corporate Technologies Thrive Ntiva Marco Technologies Electric Local Presence 20 regional locations 25 locations in the US 16 regional locations Midwest and Northeast US New York Onsite Coverage Included in Total Advantage® (unlimited) No onsite support found but onsite data center design available Onsite at customer request Billed hourly Mostly remote support Response Times SLA: Average Call Response Time: 73s SLA: 6 Minutes SLA: Average Call Response Time: 120s Depends on SLAs Depends on SLAs Help desk 24/7 support 24/7 support 24/7 support 24/7 support 24/7 support Field tech availability Onsite unlimited with Total Advantage Colocatoin services Monday-Friday dedicated support Depends on service plan None specified Pricing transparency Transparent per-user; no overage fees in higher tiers Depends on services Monthly per-user package based on 100 users Per user pricing Per user pricing Contract terms Flexible Flexible Flexible Flexible Flexible Industries served Several Several Several None specified None specified Regional specialization 20 US markets Several Several Physical security and copiers and printers None specified Security maturity Secure Advantage™—advanced multi-layer security Endpoint, incident response, monitoring, consulting Additional package with intrusion detection, monitoring, pen testing, email encryption General security for devices, network, and applications Basic endpoint, network, social, and data security Customer satisfaction indicators 5-stars on G2, 4.7 stars on Clutch and Google 4.5 on G2 No external source 4.3 on G2 3.7 on Capterra Who it’s best for SMBs with onsite regional support needs SMBs with data center infrastructure SMBs with at least 100 users SMBs focusing on documenting, phone and audio and visual Local NY SMBs or SMBs that don’t need onsite support Brief Comparison of MSP Services Each one of these MSPs have advantages and disadvantages. Here is a brief overview of each MSP: Local Onsite Support Remote support seems sufficient until you have an IT issue that can’t be resolved unless a technician repairs it. Corporate Technologies focuses on unlimited onsite support with its Total Advantage solution. All others in the comparison table have some form of onsite support, but it’s limited and comes at a high additional cost. MSPs charge for onsite support hourly unless you have it in your contract, so look at your contract before making a decision. Chances are that you will need it eventually, and unforeseen onsite support can spike your bill to thousands that you didn’t expect. To get local support, you need an MSP with a local presence. All but one MSP in the comparison table has several locations in the US with high field technician availability. You should check that the MSP has a regional office in your area. Without a regional office, you can’t get onsite support. Some MSPs will send consultants to your office for an extremely high price, so it’s better to choose a local MSP. Many of the large national MSPs offer remote support and onsite is limited. You might get onsite support at different times and at a large cost, but the MSP will only offer remote support unless onsite is absolutely necessary. Corporate Technologies will fly in contractors when you need it. Pricing Plans Only Corporate Technologies has an upfront pricing structure. The others have a per-user pricing plan, but most of the additional services come at a price. Additional pricing isn’t publicly available, so it could mean that your contract pricing is much higher than packaging everything into a single solution like Total Advantage. When you decide on an MSP, read the fine print to identify the services that you get. Some services to look for are onsite support, field technician availability, help desk support, cybersecurity solutions, monitoring and proactive infrastructure maintenance, and if the MSP supports your specific industry. Each MSP offers flexibility in their contract terms, but Corporate Technologies has unlimited onsite support with a wide range of services in Total Advantage. Corporate Technologies also reduces risks of monetary loss by offering a 60-day money-back guarantee. The money-back guarantee lets SMBs try out MSP solutions without making a commitment on long-term contracts. Try out IT management services and stick with Corporate Technologies if you’re happy with the service. Cybersecurity Services Most MSPs offer basic monitoring, but more advanced cyber-threats require more protection. Also, disaster recovery and backups turn a devastating data breach into a recoverable incident. If you aren’t a cybersecurity person, you don’t know the types of protection necessary to operate a business and block threats. Corporate Technologies offers Secure Advantage so that you get all necessary cybersecurity services including proactive monitoring, incident response, backups, disaster recovery, patch management, endpoint management, DNS filtering, email protection, compliance support, and ransomware protection. Other MSPs offer several cybersecurity services, but it’s unclear if they offer it packaged in a set pricing structure so that you can budget for it. The right cybersecurity service can mean days of downtime or only a few hours, so take this into consideration when choosing an MSP. Which MSP Model Fits Your Business? US small businesses have several MSPs to choose from. You should choose Corporate Technologies if you want: If you have other priorities, a national MSP might be a better option. Choose a national MSP with centralized service if you want: To find out what Corporate Technologies can do for your SMB, contact us. FAQs
Your IT infrastructure never sleeps, so it can fail in the middle of the night. You need a remote-ready IT environment to allow for quick support. Whether you have remote staff that need access to your applications while they are on the road or need to set up an environment where IT can support your infrastructure, you need the right technology plan. The Essential Pillars of a Remote-Ready IT Environment Today’s secure IT environment requires infrastructure that you likely don’t have already if you need to set up remote access. This means that you’ll need new equipment before your network is remote-ready. Each item in this list can be deployed by you or a managed service provider (MSP). When you look into MSPs, here is a list of items they will recommend: VPN, Zero-Trust, and Multifactor Authentication (MFA): A virtual private network (VPN) will secure data traveling over the internet, so your data is safe even if an employee works from a vulnerable location like public Wi-Fi. The Zero-Trust aspect of VPN is a methodology used to authenticate and verify users as they continue to request data from your internal servers. Finally, MFA reduces the chance of a data breach should an employee fall for phishing or social engineering where their network credentials could be disclosed. Managed endpoints: Every mobile device, laptop, and remote desktop is an endpoint. Endpoints must be secured and managed by IT staff. Your security policy details what users must have on their devices to connect remotely, but antimalware and remote data wiping are two must-haves. Antimalware applications stop attackers, and remote data wiping removes sensitive data should a user lose their device. Email security: Every organization is a target for cyber-criminals. Today’s largest data breaches start with a phishing email. Email security filters out suspicious links, spoofed email addresses, and messages with malicious attachments. Cloud application protection: Your cloud vendor has tools to protect data at the vendor’s location. Ensure that these applications are enabled to stop attackers from breaching cloud infrastructure. Backup and disaster recovery: Whether you keep backups on-premises or in the cloud, you need them in case of a disaster. For example, if ransomware affects your environment, the quickest way to avoid damage is to restore data from a backup. Backups are also useful for natural disasters like floods or fires. Business-grade Wi-Fi: Wi-Fi can be set up around the office to offer remote access for staff if they don’t have a desktop. You need a setup that offers speed for enterprise applications and security to protect from outsiders. What Breaks First When SMBs Go Remote Even with the best and finest hardware, things break. It could be from a misconfiguration or a bug in the hardware. In rare cases, hardware fails from a faulty component. Whatever the reason, you need to be prepared. Here are a few common failures: All of the above issues can be proactively addressed with the right IT controls and deployment. After some time, your VPN might need upgrades as your business grows and adds more users. Your MSP can monitor the VPN for any speed issues and handle upgrades before they impact productivity. Patch management handles any issues with security upgrades in your environment. Shadow IT is also a security concern. Your MSP should monitor the environment for any devices that aren’t authorized, and they can handle patch management to ensure that your infrastructure is up to date. Compliance controls necessary for your environment depend on your industry. A good MSP will help guide you on the right controls. For example, if you must be HIPAA compliant, then you need the right monitoring and audit controls. MSPs install these tools to ensure that you aren’t vulnerable to compliance violations. Step-by-Step Setup Checklist for Business Owners Before you engage an MSP, you might want to go over your current infrastructure to determine what you need. An MSP can help determine the right hardware and software for your business, but it doesn’t hurt to take a look at what you have and make a checklist of your own. With this checklist, you can then engage with an MSP that can deploy and configure each item. How Corporate Technologies Builds a Remote-Ready Workplace As a small business owner, you might be overwhelmed with all of the requirements for remote access to your environment. You can choose from several MSPs, but we offer local onsite IT help that competitors can’t offer. We have a remote help center, but our professionals are local to our clients as well. Cybersecurity is a primary concern. Once you open your environment to remote users, the network becomes a target for remote threats. Corporate Technologies deployed email filtering, a security operations center (SOC) that monitors the environment, endpoint protection, and backup procedures to keep your data safe from attackers and permanent damage. After we deploy your remote-ready workplace, we then offer continued protection and monitoring with: Why SMBs Need Local IT Support for Remote Work For many SMBs, technology concerns grow beyond what a local person can do, especially if they aren’t trained in IT. Corporate Technologies caters to small businesses with offices across the US. You need this support for full coverage of your environment. For example, if you suffer from a network outage or ISP interruption, a remote MSP can’t help. Corporate Technologies can remediate these types of issues with local technicians near you. A few other ways local IT support can help you: If your business is ready to take the next step towards remote access, see what Corporate Technologies can do for you. Contact us today. FAQs
When your internet connectivity fails, so does your business productivity. Your employees can’t reach cloud-based applications, email, phones, and any other critical internet dependent service. Productivity failure hurts your revenue, and it can cost millions for extensive downtime. Every component of your infrastructure should have a failover safety net, and this includes your internet connection. It’s not uncommon for small businesses to rely on a single internet service provider (ISP), but it’s a mistake. Your internet service might be stable for a while, but ISPs will often perform maintenance or upgrades without warning. ISP activities sometimes cut your service for several hours a day, or your service suffers from temporary degradation while the ISP performs its maintenance. Slow performance also harms productivity. In both these scenarios, you can overcome productivity loss with internet failover infrastructure. Before you decide on a failover design, you need a failover internet plan. What is an Internet Failover Plan? An internet failover plan is a document that decides what hardware you need to ensure that employees always have access to the internet, and what happens when your internet connection goes down. For most businesses, having a separate ISP is the answer to internet failover. In addition to having a second connection, having a secondary service type adds additional risk management. If your main connection is cable, then using a telecom provider avoids downtime if cable lines fail. You still need a trigger to cutover to your alternative source. The best method is to have an automatic switch, but you could leave it to a manual switch if you have full-time operational staff available for the cutover. Your router, firewall, and other infrastructure must be able to handle the cutover. The best way to ensure that all infrastructure will stay operational is to test it during off hours. You can simulate an internet failure scenario by cutting connection to your current ISP. Failover hardware should take over and allow a smooth transition. As an example, suppose that you live in an area where hurricanes are common. You might have cable internet for your normal internet connection, but you have a telecom like AT&T for failover. Cable might be down for days, but AT&T brings their infrastructure to service more quickly. The opposite could also occur. You would have two ISPs to limit your downtime after a major storm, which reduces your risk factors and eliminates a single source of failure. Why It Matters to SMBs? Small business owners might not even realize the importance of the internet for productivity. Internet connectivity is often taken for granted because it’s so common now in any industry. Take, for example, a law firm. Now, documents hosted on government websites are no longer available. Email messages from clients would no longer be available. Phones would not be operational, cutting all contact with colleagues and clients. Document editing and sharing would no longer be available whether you use Microsoft Office 365 or Google Workspace. Productivity for a small law firm would crash, and this is just one example. There are plenty of other industries that rely heavily on the internet. A loss in productivity translates to revenue loss in any industry. Small businesses don’t usually have the resources to estimate hourly revenue loss, but they still feel the impact just the same. Not only is productivity loss an issue, but once internet connectivity is back up, businesses must catch up and hope to avoid losing customers over the incident. Key Components of a Strong Failover Setup It’s better to have a reliable IT professional design your infrastructure, but here are a few items you can expect to add to your current infrastructure. After setup and configuration, you first need to test the infrastructure. Even after your first test, IT staff must annually test internet failover and any disaster recovery procedures. Disaster recovery testing often involves simulating an actual event like creating an environment where internet connectivity fails and then the alternative provider activates. IT staff must then test all critical resources to ensure that they are available. In addition to testing, IT staff should create a document that details every step necessary to deal with an internet outage. For example, the document highlights key stakeholders to contact, and who will manage any bugs if the cutover doesn’t happen smoothly. An email to users warning them of slower network performance might also be necessary. How Corporate Technologies Helps? You could upgrade network hardware yourself, but it requires a professional to configure infrastructure for optimum performance. Any mistakes could leave your internet failover design useless, which could in turn waste money and lose productivity when an outage occurs. For some small businesses with IT staff, the onsite staff might not have the experience to deploy failover and disaster recovery infrastructure. That’s where Corporate Technologies can help. We cater disaster recovery plans and designs to your business to ensure that productivity is always running at optimal levels even during outages. Professional IT providers deploy infrastructure, test it, and then monitor it 24/7 for any issues. Contact us to find out how Corporate Technologies can help you with disaster recovery and internet failover. FAQs