Together with a group of former company employees, we launched our own web development agency. We soon found ourselves building websites for small to medium size businesses, who would often ask for help with their computers, printers and emails, or other unrelated tasks that they were dealing with. In the beginning, these were small favors, but eventually, we came to the point of essentially spending 60% of our time on these “unrelated” issues. For a while, whenever the phone rang, it was usually about some complaint or unwelcome news, or something that needed urgent fixing. Customers were seldom pleased to see us or pay their bills. We brainstormed about a more efficient way to deal with this and decided to start what Americans would call Managed IT Services. It boils down to taking the time and care to properly configure, monitor and manage our customers’ IT department remotely. Regarding small businesses, it means we totally manage their IT department, providing solutions for networks, internet, emails, domains, storage, etc.. We are now able to deliver 95% of the work remotely, fix problems quickly, avoid delays for customers and work efficiently by having an answer to every possible need The transition from customer support and problem solving to a robust secure managed system has not been easy. We currently use tools like Zendesk, n-central and n-able, and we’re quite heavily invested in G suite. We’re also partners with Lenovo, Datto and MimeCast; we use enterprise grade solutions and adapt them to small or medium sized businesses.
The British House of Lords has recently issued a public inquiry on AI, asking for the public’s opinion on AI-related risks and innovations. What would be your input on that report?
Our role is to assist our clients in adopting certain types of technology and helping them cope with various managerial and security aspects. Most of these businesses we work with are not high-tech ventures; they do things in the real world and they seek our expertise to serve as their IT department, so we can recommend more effective operating solutions. We don’t develop our own technology, but act as consultants. We don’t keep them at the cutting edge of technology; rather, we keep them up to date with what’s already proven itself to be secure and reliable. Most customers are worried about compliance with GDPR (general data protection regulation) and PCI (Payment Card Industry Data Security Standard). I think GDPR is going to promote change when it comes into force, so obviously AI technology will need to adapt.
How do you secure your clients networks?
We utilize a combination of the best proven practices. You can’t get one product and expect it to fix everything. We use Cisco equipment that is properly configured, with secure passwords, monitoring unusual traffic, network defense, access blocking, security updates. For costumers with CCTV, we work closely with a local partner called HIK vision, which helps us to update security to a maximum; it’s the exact opposite of buying outdated parts from eBay. It’s all segmented and stored away. It detects untrusted devices, production data, etc. We keep networks virus free, using an automated patching tool that is attached to our remote machines. We have a list of machines that need to be updated, so if a client buys the IT support package, he will benefit from all of these services. We often deal with people who work from home computers that have enabled access to information. These are more prone to attacks, especially if they are used by other members of the family, who download files or play online games. We secure those devices too. We prefer to protect additional machines, even if it means more initial work, because it saves a huge amount of time, that would be otherwise invested in cleaning up virus infections. It is costlier but much more time effective.
What would you advise to a business seeking to minimize the risk of ransomware?
Ransomware is a game changer; it is a type of malicious software designed to block access to a computer system, and then ask the user for a ransom in order to get their files back. Previously, the worst that could happen to you if you got infected was that you’d be sending automated spam to everyone on your contact list. But it had no effect on your data. Although it was highly inconvenient, it did not pose particularly serious problems. Fake emails may appear to have been sent by a trusted source, a friend, a colleague, or a trusted institution like your bank. Once the user takes action, the malware installs itself on the system and begins encrypting files. It can happen in the blink of an eye with a single click. Businesses which suffered from a serious fire often shut down and go bankrupt. We consider ransomware as no less destructive. Ransomware can creep into your organization via email, halt productivity and cost a terrible amount of resources. If all your data gets destroyed, then your business must access very old backups. It’s incredibly destructive. There are two elements to protect yourself from ransomware: defense and the get out of jail free card. With proper education, patching, endpoint security, defense systems operating from your desktop, blocking emails before they access your server and multilayered defense system, a ransomeware email won’t make a serious impact. By adding a filter that sits in front of your existing mail system, all incoming mail is filtered before it gets to your inbox. If you’re trying to defend against viruses when they’ve already arrived at people’s Outlook’s - then it’s far too late. You will get infected. Our mail filtering software deals with millions of incoming and outbound emails everyday, so it sees all the new viruses very quickly and can filter the ones aimed at the customer much more quickly and sooner than other systems. If somebody clicks a malicious link, you must have external backups that you can restore. Don’t pay money to criminals hoping to get your info back; rather, be prepared in advance with provably restorable backups that are kept externally and are well protected. A backup isn’t a backup unless you can PROVE that it can be restored.