Why your IT Provider may be the Weakest Link in your IT Security
By: Patrick Carroll | President, PCR Business Systems
In 1878, William Bonney, aka “Billy the Kid,” along with a posse of gun-wielding outlaws known as the “Regulators,” wreaked havoc in New Mexico as they fought for control of dry goods and cattle interests. You may be familiar with the gang and their story from the movie Young Guns (and from the Warren G and Nate Dogg song, of course). The gang took the name “Regulators” because they believed the lawmen in their county were corrupt. Despite their violent behavior, they considered themselves the “good guys” as they sought to regulate the cattle monopoly and make sure justice was served.
Today, there are regulators in just about every industry we provide IT services for. None of them carry side-arms or ride into our clients’ offices on horseback, but they do instill fear with threats of legal action and heavy fines if companies aren’t compliant.
Our clients are governed by laws and regulations such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA); the Payment Card Industry Data Security Standard (PCI DSS), and the Federal Information Security Management Act (FISMA), just to name a few.
But remarkably, there are no regulations or regulators in the IT industry. IT service providers are not governed by compliance laws. It’s almost as if the IT industry is its own Wild West. For fly-by-night companies, having little or no regulation is a wonderful thing. Any kid with a laptop can create a website and offer IT services to Northeast Ohio businesses. There’s no one looking over their shoulder to see what controls they have in place to protect your systems.
For businesses, this is a terrifying proposition. Why? Because your IT provider has access to your systems and your confidential data. If they get breached, it opens the door for cybercriminals to view and steal your company’s and your clients’ private information.
In addition to putting your business at risk (60% of businesses with fewer than 500 employees go out of business within six months of a breach), it could also put you at risk of being fined and of losing the trust of your valuable customers.
So what can you do to make sure your IT provider isn’t the weakest link in your cybersecurity?
1 – Make sure they are SOC 2 Certified
PCR is one of the few (if not the only) Managed IT Services Providers in Northeast Ohio to be SOC 2 Type II certified. This means we’ve gone through an extensive audit to ensure we have the highest level of security controls in place.
2 – Have a conversation with your IT service provider. Can they answer the following questions?
- Are they truly maintaining critical security updates for your IT systems? Have you outgrown their ability to adequately support you?
- Are your IT systems truly secured from hackers, viruses and rogue employees?
- Are your backups configured properly to ensure that you could be back up and running again fast in a disaster?
- Are you unknowingly exposing your company to expensive fines and litigation under Ohio data breach laws?
- Does your cybersecurity program conform to the Ohio Data Protection Act?
3 – Only work with established IT companies
PCR has been in business since 2004 and has partnered with over a hundred Akron-area businesses during that time. Over the years we have earned the trust of our clients by providing fast and reliable IT support and the highest level of cybersecurity solutions.
4 – Schedule a FREE Cybersecurity Risk Assessment
We will take an extensive look at your security controls to see if there are any vulnerabilities attackers could use to breach your network. Schedule Now!