#fortworth

Security Delivered in a Box

With news of breaches occurring daily, cyber security has been forced to the forefront of every business.  The challenge is cyber security is a very complex subject to address with many layers using names confusing even to technical people.  Trying to decipher and understand all the layers and what is appropriate for your business is nearly impossible without a team of experts to guide you along the way.  Often the result is having multiple vendors provide different layers of security that do not work well together, are difficult to manage, and ultimately more expensive. For this reason, Fluid spent a year researching to find a better way.  What we found was very interesting.  There were many security companies offering specific pieces of an overall solution – one vendor offering a firewall, another offering anti-virus, and another offering cloud based security, and so on.  This was the very overly complex scenario we were trying to avoid.

Using this knowledge, Fluid developed a set of solutions to address each layer of security in a unified way that can be centrally managed, while in turn reducing the number of vendors involved and related cost.  The result is security in a box, a menu of security solutions to address each layer of security with options for increasing security levels to meet the specific needs of a business.

You are covered from the end user to the cloud!

SecurityInABox

The primary aspects in a consolidated solution had to include the following –

  1. Centralized management of all security devices and software
  2. Consistent ongoing management and monitoring of security events for remediation
  3. Proactive notification of threats
  4. Detailed monthly reports showing actual data related to the specific client environment and usage
  5. Inclusion all necessary hardware, software, and support renewals (firewalls, network switches, wireless access points, cloud based firewalls, etc.)

Whether it’s 3 devices or 3,000, Fluid can procure, configure, implement, and manage security using a single standardized process.

The results for our clients have been fantastic!

After implementation of the service, we review the initial monthly security report with our clients and without exception, the report shows activities they had no idea were occurring.  Not only do they have visibility to what is actually happening in their business, they now can do something about it.  Whether it is through creating a company policy or having Fluid systematically block certain traffic, the business is now in control.

In addition, because the service is all-inclusive and standardized, it can very easily scale as the company grows.  We have many clients that open new branch offices around the country and we can very quickly deploy the solution to those locations and add them to the overall solution.  In addition, each location receives its own monthly security report, so analysis and action items can be done at the location level.

The reports are an extremely valuable tool for ongoing cyber security monitoring and remediation.

SecRpt1

Visibility to outside attempts to infiltrate company systems allows specific geographic based controls.

SecRpt2

A primary role of any cyber security is to block malicious attacks and intrusions.  Monthly reports show details on specific attacks.

SecRpt3

If a deeper inspection is needed, we can even go to the user level to analyze what is occurring.  This has been especially helpful for situations where there may be one or two rogue users that need to be addressed.

SecRpt4

Unfortunately, employees are the number one source for security incidents.  Knowing what they are doing is necessary to continue to improve security training and make adjustments to security policies.

SecRpt5

Fluid’s Security-as-a-Service includes everything you need, out of the box, to secure your business!  Contact us now to learn how 214-245-4118 or wade.yeaman@fluiditservices.com.

Are You Prepared for a Cyberwar?

We make it our business to protect yours. Former white hat hacker Joshua Petty will be presenting the unexpected sources of security threats and how to defend yourself. In light of the recent global ransomware attacks, this information could prove invaluable. We think you should be there.

Fortinet is the largest security appliance vendor, and when partnered with Fluid IT Services you know that your information is protected. The topics over lunch will cover simple ways to harden your infrastructure, how to manage your security with minimal effort, and arming your staff to become more security conscious.

Space is limited, so register today to secure your place at the table. We look forward to your participation.

Tuesday, June 6, 2017 @12pm

Maggiano's Little Italy 6001 West Park Blvd.

What you can expect:
  • Security insights from the experts
  • Fine Italian dining
  • GOPRO giveaway with all the accessories to get you started

Register Now

How 20 Minutes Can Save Your Business: 4 of 4

In my previous post, I promised 4 topics that if considered may make you re-think outsourcing IT.  We started with the specialized knowledge required to keep IT running smoothly for a business today.  No one (or two) person will have it all.  If you missed it, check it out here.  Next we covered the strategic role IT should play in your organization.  Here's #2.  In my third post, I covered reducing risk.  Sometimes we don't consider how much key-person risk we have in our businesses.  This post will help you consider that. Today, I'm going to focus on cost.

Reason #4 - Cost is King: Why Managed Services are MORE Affordable

For small businesses, costs are a critical measurement. The cost to maintain an internal employee’s technical acumen can be monumental. Salary, workers compensation, benefits, and payroll taxes are not cheap. Small companies do not have access to healthcare discounts that large enterprises can harness. Adding regular and expensive training for an IT staffer is a significant increase to those costs. Every course sponsored by your company makes an employee more valuable on the open market. Every course neglected creates risk for your business.

If you are making investments in hardware to maintain an on-premise environment, what happens in the event of an economic downturn? There is no better example than that of the ever-changing Oil and Gas industry. I have seen large infrastructure investments made during a growth period, followed immediately by a downturn. Many found themselves paying for hardware they can no longer utilize effectively.

All things considered, outsourcing IT is less expensive than the cost to maintain a full-time employee. If your industry is facing a downturn, a managed services agreement allows you to scale down. When you experience growth you can easily scale up. You gain access to a team of experts instead of relying on the expertise of one person or a small team. A recent Gartner study cited that 80% of small business would “realize significant savings from outsourcing e-mail management alone.” Imagine the savings in outsourcing other technology components.

Bottom line: If you own or operate a small business you should be evaluating IT outsourcing. A 20 minute conversation might just change your life.

 

How 20 Minutes Can Save Your Business: 3 of 4

In my previous post, I promised 4 topics that if considered may make you re-think outsourcing IT.  We started with the specialized knowledge required to keep IT running smoothly for a business today.  No one (or two) person will have it all.  If you missed it, check it out here.  Next we covered the strategic role IT should play in your organization.  Here's #2. Today, I'm going to focus on reducing risk.

Reason #3 - Taking the Stress out of Taking Vacation (Reducing risk)

What would happen if the only employee familiar with your IT environment resigns? Or just goes on vacation? What is the procedure when a server goes down in the middle of the night? Would anyone notice before business was disrupted the next day?

When a small company chooses to use a managed service provider, these questions are no longer relevant. You are not impacted by the loss of an employee or having to scramble when they go on vacation. If a business-critical system goes down, you will be notified and it will be handled quickly. If the power goes down on site your systems are not impacted (depending on your level/type of service). If your company is subject to compliance requirements, you don’t have to worry if you are meeting them. For many businesses, managed services provide peace of mind and value that more than compensate for the cost.

Have you taken a hard look at the cost of a full-time IT employee? Read the last of this series, Cost.

 

How 20 Minutes Can Save Your Business: 2 of 4

In my previous post, I promised 4 topics that if considered may make you re-think outsourcing IT.  We started with the specialized knowledge required to keep IT running smoothly for a business today.  No one (or two) person will have it all.  If you missed it, check it out here. Today, I'm going to focus on the strategic support you get from the right IT partner.  IT should be a business enabler, not a cost center.  The right partner will provide that support.

Reason #2 - From Password Resets to Profit (Setting an IT Strategy)

If you currently have a full-time IT employee or team, how often do they approach executives to get input on how to better support the business using technology? Based upon experience, my guess would be not very often. Smaller IT shops typically do not have the time to keep all of their systems up to date (not to mention password resets, break/fix, email issues), much less consider how to make the technology profitable. The most valuable function an IT organization can provide is not just keeping the lights on, it is enabling the business to grow.

Outsourcing your IT to a managed service provider gives you access to consultants that will work to align technology with your business strategy. Some even provide virtual CIO services, such as planning a technology roadmap, developing an IT budget, and analyzing and reworking business processes.

How are you mitigating the risks associated with maintaining an IT environment? See our next installment on Reducing Risk.

 

How 20 Minutes Can Save Your Business (And Your Sanity)

You are busy, I get it. There is not enough time in the day for you to finish the tasks on your plate, much less extra time to evaluate new technology options. Whether you are part of a small internal IT team or your company has added IT maintenance to your ever-growing list of responsibilities, Fluid has you covered.  There are 4 key reasons to consider outsourcing IT that you may not have thought of in the past.  I'll cover these reasons in a 4-part series.  So if you have 20 minutes, read on and we might be able to change your IT life!

Reason #1 - Specialized Knowledge

I recently participated in a meeting with a potential managed services client whose IT staff consisted of two full time IT employees who both left the company unexpectedly. The reasons they exited are common in small business, though are not often considered in decisions regarding outsourcing. For one employee, the responsibilities were just too overwhelming and they could not handle the workload; the other believed that they did not have a vertical career path. Unfortunately, most small companies cannot afford IT employees with the depth and breadth of knowledge required to adequately run an entire IT environment. Many of the good ones don’t stick around because they are offered more money for their skills by larger companies. The damages left in the wake of their departure were systems and hardware that had not been updated in years, creating significant risk for this business and few options to resolve the issues quickly.

With the decision to outsource, you leverage the collective knowledge of a much larger IT organization. You receive the benefit of much broader coverage, access to expertise and skills you would not have otherwise, and reassurance knowing that critical systems will be maintained consistently.

Are you getting the strategic guidance that you need to grow your business? Check out the next installment on General Business Consulting.

 

Security Breaches: The Kiss of Death for Small Business

For romantics, a kiss signifies love, affection, or respect. Unless you receive the kiss of death, which signifies that your days are numbered. For small business, a cyber-security breach is the dreaded kiss of death. security metrics 2.0Here are some stats that’ll start your heart from recent studies from Property Casualty 360 and Small Business Trends:

- 62% of cyber-attacks are focused on small to medium businesses - Only 14% of these businesses rating their ability to mitigate an attack as highly effective - Average cost of a breach for a small business, including damage or theft of assets and disruption of normal operations is slightly over $1.8M - 60% of small companies will go out of business within six months after an attack

While it may be surprising that 60% of SMBs attacked will be out of business, once you understand the typical cost of a successful attack, it’s far less surprising.

So do small business owners just give up in the face of these threats? Nah, that’s not the way entrepreneurs roll. Most small businesses can outsource the mitigation of this risk for less than $1K per month, offloading both the risk and the time that it takes to manage a security solution. For a small business, this can be the difference between life or death, much like an insurance policy.

In the world today, it’s no longer a matter of IF your company will be hit by a cyber-attack, it is a matter of WHEN. The question that you should ask yourself is, “Do I have almost 2 million dollars to handle it retroactively, or does it make more sense to spend $1,000 per month to proactively protect my livelihood and my customers?”

For a frank discussion on cyber-security and ways to mitigate these risk, reach out to Fluid. We can help.

[gravityform id="1" title="true" description="true"]

IT Security Framework for Accounting Firms

The AICPA released two sets of criteria for public comment this week (Sept 2016) regarding cyber security. Both focus on different elements, but the common theme is the AICPA trying to develop a common framework for audit firms to evaluate the cyber security of their clients (risks and compliance). While this will prove to be very helpful, it got us thinking at Fluid: Do CPA firms themselves have a framework for their own security? Are CPA firms adequately protected from data breaches of their client’s financial information? Are accounting firms prepared to react to and recover from a malicious threat that may cause data loss or temporarily impact the productivity of the team?

Data security is a pressing issue for CPA firms given the rising level of attacks and the sensitive financial data accountants work with. A few data points –

  • Over ½ a billion personal records were stolen in 2015
  • Phishing campaigns targeting employees rose 55% in 2015
  • Ransomware increased by 35% in 2015 (362K reported cases)
  • 1 in 220 emails sent contain malware (431M new malware variants found)

While developing your own cyber security framework may seem daunting given the rapidly shifting threats, the task at hand can be greatly simplified if you break it down into the components parts (and work with professionals). At Fluid, we support our clients in 4 primary areas that each firm must address to have a comprehensive security plan.

1) Compliance Management:Fluid Security Framework

Does your firm understand all levels of compliance required given the data your firm interacts with? This can range from data retention compliance standards to data-center configuration standards. Often great compliance management starts with proper documentation, but rely on staff training and monthly monitoring to ensure/validate compliance.

2) Perimeter Management:

Think of your IT perimeter like the physical perimeter of a secure building. Are all entries and exits secured and guarded? Firewalls, cloud services, and email are major vulnerability points that should be managed and monitored for security purposes. BYOD and the proliferation of mobile devices has extended this perimeter, but these additional problem have solutions if they are approached systematically.

3) Vulnerability Monitoring and Threat Response:

You may know your weaknesses today, but that will change tomorrow; you need to monitor for attacks and have an active response if any attacks are detected. Much of this can be automated, but some expert oversight can make sure you don’t have any unintended gaps.

4) Cloud Backup and Disaster Recovery:

Even the best-run IT Departments may run into an occasional problem, ranging from accidental data loss to a malicious breach. We’ve found from our experience with clients that having a robust, offsite backup in a secure cloud environment can minimize the impact of most problems and greatly improve recovery times.

 

Whether you know it or not, your firm has ongoing IT activities in each of these 4 areas, which require ongoing focus and continual improvement – security is never ‘one and done’.

If you want to review your security practices, give us a call. We can help.