fbpx
Why It’s Important to Do a Privileged Access Audit of Your Small Business Systems

Why It’s Important to Do a Privileged Access Audit of Your Small Business Systems

Providing remote support services puts a business in a position of having access to multiple other computers on a regular basis. This also comes with more responsibility to ensure those logins are completely secured and that only authorized personnel can access a client system.

MSPs, IT providers, and others that provide remote support to customers can often be the target of hackers looking to launch a one-to-many attack. Meaning, to breach one account and get access to many other systems through that account.

The most interesting accounts for hackers are those that have privileged access. These are generally your “account owner” or “admin” accounts and they can often do things like add and remove users, update security settings, and access payment details. 

Approximately 80% of data breaches are connected in some fashion to privileged account compromise. 

It’s important for all businesses, and especially those with access to customer systems to properly manage and audit your privileged account access regularly.

Understanding Privileged Account Management & Why It’s Important

Privileged account management is the strategy of keeping track of the access level of all your user accounts and ensuring they match the needs of the user.

Too many small business owners give all their employees an administrative account in a cloud tool, simply as a “just in case” measure. But the more privileged accounts you have, the more at risk you are of an account breach.

Credential compromise has become the main cause of global data breaches, according to IBM Security’s latest Cost of a Data Breach report. Stealing user credentials is also the main attack type deployed in phishing emails.

If you don’t stay vigilant about limiting your number of privileged accounts and knowing exactly how many you have, you can be at risk for:

  • User credential breach
  • Business email account takeover
  • A major breach of your client systems
  • Loss of business and reputation
  • Ransomware infection
  • Data privacy compliance penalties
  • Downtime of systems

The main goals of an audit of your privileged access accounts are as follows.

Learn How Many Users Have Privileged Accounts

First, you want to have visibility into how many privileged accounts you have in all your cloud tools, and especially those tools that have access to client systems (i.e., your remote support software).

It’s not unusual for a company that hasn’t been doing privileged account audits to be unaware of just how many user accounts might be out there with unnecessarily high access levels.

Go through your user settings in all cloud tools to compile your list of privileged accounts that have access beyond the basic user level. 

Look for Any Unused Privileged Access Accounts 

Unused accounts that never get closed or removed pose a big risk because no one is keeping an eye on them most of the time. Good cloud security practices include closing unused accounts when a person no longer needs that access, either because they left the company or moved to a different position.

Ensure that any unneeded user accounts are properly closed out and removed so a hacker can’t exploit them to access your systems.

Ensure You’re Using The Rule of Least Privilege

One of the main purposes of a privileged account audit is to look for any accounts that have a higher level of access privileges than needed. You should be using the Rule of Least Privilege, which states that a user should only be granted account permissions needed to do their daily tasks and no permissions that they don’t need.

When reviewing your user accounts for access levels, look at the permissions on the account that is a step lower than a user has and the difference between that and the higher-level account. Ask them how often they’ve used any of those additional permissions. If it’s been several months, then you should consider lowering their access level.

Review Your New Account Setup Policy

When doing an audit of privileged accounts, it’s also good to review your account setup policy for new users. Who decides on the access level for users? What are the criteria being used to decide?

Without any policy in place, users often just “wing it,” and as a result, you can end up with a much higher risk because of your number of privileged accounts. 

To keep your number of administrative accounts from getting out of hand in the future, it’s important to have a comprehensive policy on how user accounts will be set up and what will be the parameters for granting someone a privileged account.

Use a Remote Software Tool With Built-in Safeguards 

Instant Housecall remote support software has account protection safeguards built-in, such as multi-factor authentication, encryption, and more.

Try Instant Housecall risk-free for 15 days and experience it for yourself! Try it out now.

What Are the Habits of Successful Remote Support Businesses?

What Are the Habits of Successful Remote Support Businesses?

Remote support can look different from one small business to the next. One company might lean on its remote support for a good portion of its revenue and do as many or more remote sessions as site visits.

Other businesses might only use remote support for managed services, but still end up having to make long trips for simple fixes that could’ve been handled via remote support software.

The difference between the two is that successful remote support businesses tend to adopt better habits when it comes to marketing and managing their services. This puts remote support front and center to customers as an excellent way to get the IT help they need regularly.

68% of organizations said they saw an increase in customer support calls during the holiday season. 

Increasing your remote support business is a win/win for IT businesses and customers alike. You save time and money and don’t need to send a technician out in the field (no gas, no drive time, etc.). The customer also saves time and money, getting their issue addressed faster and not having to pay a service visit fee.

If you’re looking for ways to improve your remote support, try following some of these habits of companies who are successful at managing remote support services

They Train Their Technicians on Remote Support 

Doing a remote support session takes specific nuanced skills that differ from an on-site visit. Technicians need to be able to effectively communicate with customers and guide them through the process of connecting.

Some customers may want to leave their device while the technician is working on it remotely, others will want to watch and learn. Your technicians need to be comfortable with all scenarios and with walking the client through a fix.

Companies that are successful at providing remote support train their technicians and will even have remote support-only teams that completely focus on this type of technical service.

They Collaborate Between Support Teams

You can provide more effective end-to-end services when your team collaborates on a client’s care. Successful remote support businesses will ensure the on-site and remote support teams are collaborating, so everyone is on the same page with a customer.

For example, if the remote team worked on a specific issue during a session that they then escalated to an onsite visit, it’s helpful if both technicians are in communication so they can problem-solve together.

Likewise, after an on-site visit, a company might schedule a follow-up with the remote support team to ensure all is going well.

They Proactively Resolve Customer Issues

You can provide more value to customers if you proactively solve issues during a remote session. A technician might be helping a user learn a new company software, but during that time see that the PC occasionally freezes up.

Suggesting a fix and addressing that before it results in a bigger issue will cause your customers to be appreciative of your proactive support, helping you cement a strong relationship.

They Promote Remote Support Interactions in the Customer Journey

How often do you promote remote support as an option during your customer journey? Companies that earn a lot of remote support business make sure they’re letting customers know at all steps that it’s a convenient option.

For example, after you bring on a new customer, you can suggest they schedule a remote support session for user onboarding. You can also offer it when you know a company is going through a technology transformation as a way to facilitate its change management.

The more your customers use remote support, the more comfortable they will be to choose it as a first option for connecting with you for help.

They Use Tools That Reduce the Effort Needed for Customers & Technicians

Companies that are successful with their remote support business use tools that are easy for technicians and their customers. If you have remote support software that is hard for people to install and connect with, then they’re not going to want to bother.

Some of the ways that Instant Housecall remote support makes the experience easy for all involved are:

  • Customers can open a time window for support
  • You can pre-install the software on customer devices
  • The software can be automatically removed at the end of each session
  • Get a complete session history and log
  • Automatically send review requests after your support session
  • Leave support notes on your customers’ desktops
  • Auto PC repair to address many common issues (like malware removal)
  • Easy connection without PINs or codes

Promote a Great Remote Support Experience 

With Instant Housecall remote support software, you can promote an easy and fluid remote support experience. It has multiple features that improve your customer experience and make your job easier.

Try Instant Housecall risk-free for 15 days and experience it for yourself! Try it out now.

6 Tips for Using Remote Support to Help Companies Optimize for 2022

6 Tips for Using Remote Support to Help Companies Optimize for 2022

When we enter a new year, there is an air of starting fresh and resolving to do things better. People tend to make new year’s resolutions, and companies will have their own version that has to do with optimizing and growing their business.

This is the perfect time to tailor your remote support services to fill that need to renew and start the year off right. There is a lot that an IT provider can do to help companies and work-from-home employees start 2022 off on the right foot.

Promote services that optimize, organize, and streamline digital tools and workflows as part of a “new year, new opportunities” drive for efficiency. Here are several ideas to get you started. 

Offer Speed Tune-Ups to Hit the Ground Running in 2022

Having a faster computer is a universal wish for users. Employees get frustrated with slow systems and employers are always looking to improve productivity. 

Offer a speed tune-up session to improve the performance of employee devices and identify any potential upgrades that would make a significant positive impact (such as a memory upgrade). You can promote this as getting a team ready to hit the ground running in 2022 and ensuring slow devices aren’t holding them back.

Emphasize a Secure New Year With a PC Security Checkup

Security is a continuous concern for businesses. Cyberthreats are always evolving. Without constant vigilance, users can slip into bad security habits, such as creating weak passwords or not installing updates in a timely fashion.

Offer to help companies have a more secure 2022 by doing a security checkup for devices. PCs of work-from-home employees can be particularly at risk if they don’t have any monitoring or management in place.

Many companies don’t have proper visibility into the security of the PCs remote employees are using for work, which is why a larger number of cyberattacks (67%) now target remote employees.

Doing a New Year PC Security Checkup via remote support also sets you up to assist companies with any areas of risk that you find.

Promote Windows 11 Upgrades & Training

Windows 11 just came out in October, and a lot of companies have yet to upgrade. Many were waiting to ensure the new operating system didn’t have any major bugs, and now that it has been out for a few months without any major issues, they’re thinking about upgrading.

Help businesses start the year off right by upgrading to Windows 11 and offering to train users on the new productivity-boosting features like the native Teams integration and snap layouts for multi-tasking. 

Offer a Password Management Setup to Reduce Credential Theft Risk

Credential theft has now become the main cause of data breaches. This is due to more business data being in the cloud, making access to those cloud accounts a main target for cybercriminals.

At the same time, it seems like the number of passwords users must manage continues to go up, causing employees to adopt weak passwords that are easy to breach.

Offer to help a company and its users get set up with a password management application via a remote session. It’s often not having the time or knowing how to get started with a transition that keeps companies from adopting a password manager.

You can offer to do the whole setup for them and their users to help them protect themselves in the coming year from one of the biggest current threats to company security.

Review Cloud Account Use to Help Companies Streamline & Lower Costs

Cloud accounts are used widely and can easily get out of hand. Companies and users begin using multiple SaaS apps, and suddenly costs are ballooning and redundancies are popping up.

Cloud waste nearly doubled in 2019 compared to the previous year, and orphaned app subscriptions were up 100% for all company sizes.

Another new year optimization service you can offer by remote support is to help companies streamline their use of cloud services and reduce their waste and costs.

A cloud use review can improve a company’s ability to integrate and automate processes in different apps and improve user productivity.

Offer an Email Cleanup & Workflow Optimization Session

Email is one of the applications that users are in the most throughout the day. When email isn’t well organized and users don’t know how to use organizational tips like rules and flags, a lot of time can be wasted going through email that doesn’t need to be.

Offer an email cleanup and workflow optimization via remote support to guide users in an email setup that works for them and puts the most important emails front and center. Using rules, you can also show users how to reduce the need to manually move messages into folders, and instead, have it done automatically.

Use the New Year to Launch Optimization Services with Instant Housecall

With Instant Housecall remote support software, you can easily connect with customers for many different types of remote support sessions to grow your business.

Try Instant Housecall risk-free for 15 days and experience it for yourself! Try it out now.

Ways Your Techs Can Promote Cybersecurity on Support Calls

Ways Your Techs Can Promote Cybersecurity on Support Calls

No matter how much IT professionals talk about the importance of IT security, there are still a lot of users not following simple best practices. This results in devastating breaches for companies and instances of identity or credit card theft for the victims.

Cybersecurity is an ongoing conversation and as an IT business or other type of technology support provider, you’re in a perfect position to help keep that awareness going during your remote support sessions

A study by Stanford University found that human error accounts for 88% of all data breaches. Helping reduce the risk of an employee causing an accidental breach for a client can illustrate just how valuable your company is as a service partner.

While the reason for a remote support session may or may not be security-related, there are some ways you can bring in a few awareness tips while you’re on the call. 

Relay a Customer Story

People often remember things that they hear in a story. They relate to one of the characters or the situation and it helps a point stick with them.

Without naming names, of course, relate a pertinent story about a customer where a lack of a basic IT security measure caused them major problems. Then relay the IT solution that fixed the issue. Such as your company implementing mobile device security after a malicious app download caused a network breach.

Mention a Recent Cybersecurity Headline

There have been a couple of high-profile ransomware attacks in the news this year, and a client may likely have heard of them, but not really know what it was all about.

Putting a major breach into a context that the person can relate to helps drive home the point of IT security diligence.

For example, you could mention the Colonial Pipeline ransomware attack that caused major gas shortages across the East Coast. Most people will have read about it, but not many will know that it was initiated from an unused VPN account that wasn’t closed out when no longer needed and wasn’t protected with multi-factor authentication.

Explain Why Your Remote Support App Takes Precautions

When you’re on a remote support session, mentioning that your remote connection software has top-level encryption and disconnects automatically when the session is over helps ease security fears. 

If you take that a step farther and explain why encryption is important it might connect the dots for the person as to why sensitive data being transmitted over the internet should be secured.

Use a Recent Cybersecurity Statistic

Statistics help put things into perspective for people that might think nothing much is different about malware today as it was five years ago. Mentioning that in the past year, ransomware attacks have grown 485% may get them to realize they need to take additional precautions to prevent an attack. 

When on a support call with a small business client that might be a little too lax with their cybersecurity, try a relatable statistic. You could mention that 60% of small companies go out of business within 6 months of a cyberattack, which may be a wake-up call for them.

Show a Convincing Phishing Email & How To Tell It’s a Fake

If your remote support session has anything to do with email security, showing them in real-time what a phishing email looks like and how to spot one can give the person important phishing identification training.

For example, in the phishing email below, there are two giveaways to this being a phishing email:

    1. Hovering over the link reveals a phishing site URL
    2. There is a grammatical error in the second sentence: “We confirmation that your item has shipped.”

cybersecurityLeave Them a Link to a Cybersecurity Tip Sheet

Service partners that cement their value to their customers go above and beyond what their competitors will do. You can spread best practices and help promote a culture of cybersecurity for your clients by sending a link to an IT security tip sheet with best practices at the end of your remote support session.

You can pull several great tips from the Cybersecurity Awareness Month resource site here. Then use those on a sheet with your branding and be sure to include a link to your website and phone number to call for help with any IT security needs. 

Provide Your Techs with a Cybersecurity Checklist

When promoting cybersecurity awareness, you want to ensure that your own technicians are following best practices themselves. Make it easier for them by providing a remote support call security checklist. 

It should include your policy on how connections are initiated, how they’re terminated, and any other security protocols your team is to follow when providing report support.

Use a Remote Support Software That Promotes Security Best Practices

Instant Housecall remote support software has multiple layers of security built in to ensure all your sessions are completely secure. 

Try Instant Housecall risk-free for 15 days and experience it for yourself! Try it out now.