On Monday, we got a call from a company we had done some hourly work for in the past.
Here’s what happened. One of their employees received an email from “The Geek Squad” saying they had been hired to perform IT services on the firm’s computers. The employee called the number and ended up letting the alleged helpers from “Geek Squad” into her computer via remote access.
Long story short: these were hackers, of course, and ransomware was the result. Now, they needed us to “fix” the problem out of the blue.
Their case illustrates why last year we made the decision not to take on any new break-fix clients – hourly-paying clients who call only when something goes wrong – and why this year we are phasing out hourly service as quickly as possible, even for those for whom we had performed such services previously.
Why? We realized that instead of helping, this sort of service was actually enabling the worst cybersecurity habits by small businesses who were just trying to get by on the cheap.
You call your plumber when things break. For your data and your network, however, a break-fix relationship is, in fact, no relationship at all.
Going forward, we will only manage client networks on an ongoing, retained basis.
What does this mean?
We serve as our clients’ outsourced IT department: technology planning and leadership, regular patching, operating system updates, email filtering, data backup, security threat monitoring and more. Plus, a helpdesk – our award-winning, all U.S.-based team of skilled technicians – that’s on call and ready to provide help as though they’re your own internal team.
Without this kind of managed IT service, you have essentially no cyber protection at all. Heck, this company’s employee didn’t even know who their IT support team was… Geek Squad sounded reasonable enough to her! And clearly there hadn’t been any cybersecurity training because these Geek Squad scams are among the simplest to recognize and avoid.
For small and mid-sized companies without internal IT departments of their own, there are a number of ways they can approach their cybersecurity practices:
- Worst: cross their fingers. Small companies often tell themselves, “We’re too small to get hacked.” This is not only dead wrong – I will write about this notion in Part 2 of this series – but it perfectly represents the break/fix mindset, which we see far more often than we do companies that are proactive about their cyber hygiene.
- Almost as bad: go it alone. The most tech-savvy person in the office becomes the de facto IT person. This leaves huge security gaps and takes that person away from their core function.
- Better but not ideal: outsourced “IT guy.” Our industry is filled with one- and two-man shops. As they run from client to client putting out fires, service and response times suffer. And staying on top of the latest trends and solutions is nearly impossible.
- Best: graduate to managed IT services. Whether it is with us or another reputable firm, this is the only way to ensure the ongoing health of your network and security of your client and employee data.
I realize that to the companies that choose break-fix “support,” it seems less expensive to avoid the monthly retainer of a firm like ours and instead to call an IT person only when you need him or her. But if disaster strikes – and believe me, it strikes small companies far more frequently than you realize – the cost of not having proper cyber protections in place will be beyond your imagination.
Something else most Americans probably can’t imagine is the cunning, organization and commitment of the world’s hackers. Often, it is the conditions under which these hackers work that define their persistence — and which explain clearly why cyber criminals are a threat to organizations of all sizes.
I promise, you won’t want to miss the second half of this two-part post in a few days: Cyber Reality, Part II: Here’s Why You’re Not Too Small to Get Hacked