The FBI reports a 300-400% increase in cybersecurity incidents since the pandemic began and Google reveals 18 million COVID-related phishing emails are now being blocked, daily. Risks and threats have rapidly multiplied as hackers prey on disenfranchised organizations and unplanned remote work. Most businesses today have security baked into their IT plans, but those plans need to be re-evaluated and assessed on an ongoing basis.
The customer needs to be vigilant, and as a trusted IT consultant, you need to help. As many businesses experience constrained IT resources and stricter budgets, how can you help your customers make more strategic security decisions? Here are seven straightforward approaches to stay competitive in the security space and bring greater value to your customers.
1. Review security plans – preparation is key
A cybersecurity event is hard to contain and extremely costly. The average lifespan of a breach is 314 days and typically ends up costing $3.4 million, according to IBM. It’s only after something happens that companies wish they had better plans and prevention measures in place. Hindsight is 20/20. The Cybersecurity Events guide created by the Tech Gurus is a great resource, a step-by-step planning tool to use with your customers to identify needs and setup protections. Know the various solution options and provider offerings to get the right safeguards in place. Along with prevention, you should be talking timely detection services to mitigate damages, should an incident occur, offering quick responsiveness, disaster recovery and business continuity.
Schedule security check-ins with customers on a semiannual, if not quarterly, basis. TBI has created resources to position yourself as a security specialist and a trusted source. Use outreach materials found in Partner Marketing Center, engage your Channel Manager and use the Tech Gurus for more complex solutions and larger opportunities.
2. Keep your customer in the know -- stay up-to-date on current solutions and the threat landscape
One of the best ways to stay current are tools and TBI trainings found on the University of TBI or through the many free webinars available from TBI and our trusted providers. Check our events page for an active calendar and be sure to follow TBI on LinkedIn. We post timely, relevant information daily and host weekly live discussions and trainings, many pertaining to the hot topic of security. You should also be talking managed security solutions with customers to offset tasks and responsibilities into the hands of experts. Managed Security Solutions handle the monitoring and remediation, while keeping IT staff alerted, with the expertise of trusted security vendors witnessing and responding to all the latest threats they see. Since many are cloud-based, solutions are easy to deploy and offer affordable pricing structures. Speak with your Channel Manager about recommended providers.
3. Discuss access -- enable Multifactor Authentication & Virtual Private Networks
As many states relax their shelter in place orders and public places start to open up, such as restaurants and cafes, employees still working out of office and those needing a change of scenery, might venture out to these establishments to work. They, then unknowingly, open themselves up to risks via public and shared Wi-Fi connections, creating major security concerns. Employees should be using Virtual Private Networks (VPNs) to safely access the corporate network. VPN solutions are now very affordable, with many available through various ISPs and cloud providers. Equally important is the use of Multifactor Authentication (MFA), requiring employees to use at least three or more layers of authentication before accessing sensitive company data. Combinations of password, RSA token, SMS, OTP (one-time password), QR code, push notification, and biometric modality (such as fingerprint or iris recognition) can all be used in tandem. Many organizations are also deploying identity access management (IAM) frameworks to better identify and manage user access in their network with the use of MFA and VPNs to move towards a zero-trust security model.
4. Employ training – provide education and employee learning resources
Employees should be aware of the role and responsibility they play in cybersecurity. IBM reports that 95% of breaches are caused by human error. Employees should receive security training to understand best practices, how to recognize common threats like phishing emails, and how to use video conferencing tools in a secure manner. Email scams have become extremely sophisticated and harder to detect. Employees should be reminded to be on the lookout for suspicious emails and know what to do if received, not to open and contact IT, immediately. Keeping employees aware and with their guard up goes a long way.
Use our Securing a Remote Workforce document to inform employers and employees of their role and involvement in security; this easy to digest material is available as a white label document, to brand with your own logo and contact information.
5. Consider physical security – keep the office and employees protected
While your security sales may heavily focus on network and cybersecurity, physical security is also a critical component. TBI’s portfolio gives you access to reputable physical security providers, allowing you to sell physical protection, monitoring and controlled access, keeping your customers’ resources, employees and equipment safe. Solutions include video surveillance, secure entry points like gates and doors and alarm systems. Help businesses without proper security personnel and tools to keep critical assets like IT infrastructure and servers secure, as it would be in a highly secure datacenter. Physical solution providers can be found on TBI’s Providers by Solutions page.
6. Allow for maintenance -- focus on software updates and patches
The 2020 Cyber Hygiene Report found that almost 60% of data breaches in the past two years were caused by missing patches. Keeping up-to-date with security patches and updates is challenging and even more so when employees are working remote. Many IT security teams have not been able to deploy updates and patches on a regular basis, either because they cannot connect to the corporate domain without a VPN, lack remote access capabilities for employees, or they were just spread too thin. Cyber attackers are fully aware of this and ready to pounce. Encourage your customers IT security teams to have monitoring in place such as endpoint protection or a SIEM capable of identifying out-of-date software and patch versions; Security Magazine found that over 70% of breaches occur at endpoints. Businesses should have a regular schedule for auditing and deploying software patches and updates, a consideration for some customers to outsource. Having Managed IT experts handle this can take a huge weight off of in-house IT, making sure all updates are being done and in a timely manner.
7. Offer up testing and audits from vendors and partnerships -- free audits, vulnerability scans and penetration testing
Being a TBI selling partner enables you to offer customers free security audits and assessments, using our accredited solution engineers and Tech Gurus. Our team of security experts are available to work alongside you to conduct thorough testing and assessments, identifying any holes in your customers’ security postures, recommending proper remediation. Vulnerability scans can be used to detect and classify system weaknesses in computers, networks and communications equipment and provide ways to remedy the issues. This gives a proactive approach to close any gaps and maintain strong security for systems, data, employees, and customers. A penetration test—known as a pen test or "ethical hacking"—safely identifies and exploits vulnerabilities in appliances, operating systems, services, employees, and applications, to replicate what a hacker could exploit. Our teams will find security needs and give appropriate safeguards to limit or contain the impact of a potential cybersecurity event.
Use Security Resources from TBI
Visit our security solutions page to see available security solutions. Speak with your Channel Manager and engage the Tech Gurus for more detailed discussions around security.
ABOUT THE AUTHOR
As a Senior Digital Marketing Manager at TBI, Stephani spearheads campaign strategy and marketing programs designed to drive awareness around emerging technologies and generate demand amongst our providers. Her primary focus is to support and help develop business units at TBI including Omni Center, Channel Sales Enablement, Partner Referral Program and Tech Guidance. You can reach Stephani at firstname.lastname@example.org or connect on LinkedIn.