Where in the World is Matt Lee?
Iconic IT’s Director of Technology, Matt Lee, talks Infinite Games, gets real about SMBs’ role in cybersecurity, and celebrates a “romantic” Valentine’s Day with his wife, Kat
Happy March! February was the usual level of controlled chaos for me, with many meetings, lots of internal work for Iconic IT, and of course, tons of presentations.
The PIM (Privileged Identity Management) solutions I referenced in last month’s update are making great progress. We remodeled the existing PIM solution to let users request local admin rights to their machines and have that escalation auto-expire as well. Microsoft is helping me demo the PIM solution in the March Pax8 Bootcamp.
Speaking of Microsoft, I was interviewed by the tech giant to help them understand what makes an MSP different from other organizations so they can better serve our industry. They kicked off a virtual IT site visit, starting with my interview; they are making plans to interview our own Nick Nyberg, Tony Miller, and Nicklas Herrera as well.
I really had a good time this month teaming up with Bob Coppedge, cybersecurity guru and IT consultant, in a fun little presentation called The Infinite Game. It was a great presentation and a lot of fun. Keep an eye out for more like this!
I’ve been busy internally, as well. We’ve built a strong foundation, but now we are working to optimize our company. We’re rewriting policies, and auditing machines, users, systems, and security tools. I’ve made headway with our backup solutions, like building a new data center to consolidate data in a safer way. We’re investigating SOC as a service, more robust MSSP-like delivery of our capabilities, and SIEM solutions.
We had a few great Ask Me Anything presentations, starting with a Central Ops internal Addigy AMA for our technicians. This AMA was very timely since we are increasing the robustness and experience for our Apple/Mac users to equal what we can deliver to their Windows brethren. The next AMA was with Auvik engineers. I really enjoyed this one; engineers are removed from clients and have no idea how their work benefits their users. It was a great time to share stories about the way their solutions empower us to empower our clients.
Iconic IT has had compliance on our minds lately, CMMC (Cybersecurity Maturity Model Certification) and SOC2 specifically. CMMC is an audited framework. It was created after the abject failure of the DOD’s self-reporting 800-171 framework. 800-171 relied on a self-reporting honor system, and most companies were just checking the boxes. A few other MSPs and I have partnered with Anneal and Edwards Performance Solutions to put policies and procedures in place to become CMMC3 certified ourselves. This certification, along with our commitment to SOC2 Type 1, puts us in a position to help our clients stay compliant and to continue to thrive and earn business.
I took part in a webinar (What to do if You’re Hit with Ransomware) with Wizer, a cybersecurity training firm. My good friend Chris Roberts was the panel leader, and we discussed how to prepare for and respond to a ransomware event. The truth is that there’s nothing you can do after a ransomware event except respond, but there’s a lot you can do to shape how that response plays out. This got me thinking about just how many SMBs have a set-it-and-forget-it mindset about cybersecurity.
A lot of times, SMBs have an “it won’t happen to me” attitude, believing that the “smart guys” at their MSPs have it covered. They never test, they never practice, and they never actively participate in the actions that will keep them safe and help them prepare for, and lessen, the effects of threat actor events like ransomware.
Security is a team sport. Think of a football team that has all the best athletes on the field but loses despite the coach’s best efforts because they didn’t practice. The MSPs can’t win if the client “players” aren’t willing to practice with them.
As MSPs, we need to do better. We need to educate businesses that are willing to be team players and stop working with those who won’t. The bottom line is this: the businesses who understand that they share responsibility for their cybersecurity will succeed. The rest will fail to prosper.
As MSPs, we need to be prescriptive with our clients and help educate them to make good decisions. How many times have you sat with a business owner who can tell you the refueling schedules of their trucks, or the tire pressures they require, yet they push off security decisions to the “smart people?” We need to educate firmly and help support security at the “speed of business.”
We shouldn’t be asking for permission; we should be implementing and educating.
On a lighter note, shout out to Matt Topper, Iconic IT Director of Central Operations, who has really embraced his role by (among so many other things) taking ownership of compliance and incident responses with our clients!
Since no one at all asked me about my Valentine’s Day, let me share it with you anyway. My wife, Kat, and I spent the whole day moving bedrooms around, rearranging my office, and setting up my new office audio system. I know, I really am a hopeless romantic.
Look for me in March at Huntress hack_it 2021 as I take part in two presentations (March 23rd and 24th). Register here to join me for Tales from the Trenches: Hacker Horror Stories and Sea Stories & Shop Talk. I hope to see you all there!