Do You Know How Vulnerable Your IT Company Is To Cybercriminals?
A new alert issued by the US Secret Service is warning businesses that their IT companies may not be as secure as they assume. An increased rate of cyber attacks against IT companies is putting their clients at risk. It’s especially dangerous when an IT company gets hacked because they often have access to all their clients’ data. In effect, all their clients are hacked as well.
That’s precisely what happened when MSP Complete Technology Solutions was infected with ransomware – all their clients, 100+ dentistry industry businesses, were infected as well. In the end, CTS had to pay a reported $700,000 ransom, but some of their clients were left to pay ransoms individually for their own files.
If it could happen to an IT company that works with that many clients, don’t you think it’s possible it could happen to your IT company too? You need to be confident that your IT company can protect you, as well as themselves. If you’re at all unsure, then you need to do your due diligence and inquire about their security standards and practices.
How Does Kraft Technology Group Defend Against Cyber Attacks?
Just as we are committed to securely managing our network of clients’ IT environments, we also maintain a robust range of cybersecurity solutions and processes internally to ensure we aren’t putting client data at risk:
- Carefully Defined Service Level Agreements (SLAs): Every client of ours has a clearly defined SLA that sets out four priority levels, with requirements for first response timeframes and communication intervals based on priority and severity. We also specify how clients can escalate the priority based on business impact to ensure an appropriate and effective response.
- Remote Administration: We do not allow for any unnecessary access points into client systems – we only use one system for remote administration of client systems, on which employees are trained for secure use. This remote administration system is cloud-based, continually patched, secured by single sign-on (SSO) and multifactor authentication (MFA), and limited to access from authorized IP addresses only.
- Regularly Reviewed Least Privilege: During employee onboarding and on an ongoing basis (three times a year), all access requirements for staff members are reviewed as part of our external audit program. Employees are only provided with the access and privileges needed to perform their duties and nothing more. Any changes to access rights must be approved through a defined change management process, ensuring that only those who need access to client systems have it.
- Security Controls: We have carefully developed and follow a robust Information Security Policy and a series of security controls aligned with the MSPAlliance control framework, HIPAA, and GLBA compliance systems.
- Annual Audits: We perform an external audit every year through the MSPAlliance MSP Verify program to ensure that our processes and procedures are held to a rigorous security standard.
- SLED Compliance: Our operations and compliance standards are aligned with the states in which we operate, ensuring that each client’s data is protected by the standards expected where they are located.
- Robust Cybersecurity Training: Our employees are required to complete two separate security awareness training programs annually, one of which is specific to HIPAA, and the other is a scenario-based general security awareness program. Furthermore, staff members are enrolled in the same EmployeeGuard service we offer to clients, which includes weekly and monthly micro-training, phishing exercises, and dark web scanning.
With Kraft Technology Group, You Can Be Confident In Your Cybersecurity And Ours
If you’re not confident in your IT company’s cybersecurity, then it doesn’t matter what services they’re delivering to you. No matter how secure your data may be at your business, if your IT company isn’t secure, it’s just a matter of time until your data is compromised, like the clients of Complete Technology Solutions.
With Kraft Technology Group as your IT company, you can be confident that your data is secure, whether cybercriminals are targeting you or us. We demonstrate our commitment to cybersecurity through the solutions and practices listed above and deliver that same level of security to your systems as your partner in IT.
Brian Gray, MCP, is the President at Kraft Technology Group, LLC (KTG), an affiliate of KraftCPAs PLLC. Within his role, Brian is responsible for all aspects of service delivery to our clients. Brian has a decade of experience working for managed service providers. He has worked with clients in a variety of industries, including financial services, accounting, legal, healthcare, manufacturing, and retail.