Need IT support? Here are some questions to ask when looking for a Managed IT Services firm to make sure they provide comprehensive services to keep your business secure. Contact us to learn more about our IT Services.

Our IT Team shares their top three password security tips for small businesses.

If your small business needs extra IT support, we can help secure your systems and prevent breaches from happening. Contact us for more information! 

By David Baker, Microsoft MCSA & MCITP, CompTIA+ & Network+, CSM

According to the 2018 Verizon Data Breach Investigations Report via a Forbes magazine report, more than half of all cyber attack victims were small businesses.

As a Managed IT Services provider, we’ve seen many instances of our small business clients experiencing email phishing, ransomware, or other breaches in security.

Even if your small business uses an out-of-the-box security system, you still need a professional IT organization to help make sure the technology works optimally and is layered with firewalls, encryption, and more.

A Managed IT Services firm can help.

Here are some questions to ask when interviewing a Managed IT Services firm:

1. Do you perform infiltration testing? This involves breaking into your network to expose security holes. Sounds scary, but this is necessary to find the gaps in your system and put together mitigation processes.
2. Do you perform phishing email reaction testing and instruction? Creating a fake phishing attempt to see how staff responds can help identify what should be included in an organization-wide security training plan. According to the 2018 State of Cybersecurity in Small & Medium Size Businesses report by Ponemon/Keeper Security:

Over 80% of small businesses report that malware has evaded their antivirus software.

3. How frequently do you survey digital security readiness? Digital security readiness focuses on preventative measures, as well as the actions to be taken when an incident does occur. Creating a culture of cyber readiness means creating a resilient organization.
4. How rapidly would you be able to recoup basic information? It’s critical that your Managed IT Services firm can quickly retrieve your information from a backup or other reinforcement.

These are just a few questions to ask an IT services firm to make sure they provide comprehensive services to keep your business secure.

Interested in asking us these questions and learning more about how KAI Partners’ IT experts can help? Call 916-465-8065!

About David: David Baker holds certifications in Microsoft MCSA, Microsoft MCITP, CompTIA A+, CompTIA Network+ and has extensive experience in server, platform (HP/Dell). Mr. Baker has experience working with developers and supporting their development environment. In his current role, Mr. Baker monitors clients’ backups, active directory, DHCP and DNS, resolves helpdesk tier 1-3 support tickets, and has successfully completed AD migrations from server 2008 to server 2012 and 2016. Mr. Baker has successfully completed VOIP phone migrations, WAN ISP cutovers, network redesign and implementation, firewall replacements and security lockdown, AWS web server build out, AWS helpdesk call center engineering, and more. In his spare time, Mr. Baker enjoys BBQing, photography, and fitness.

By Jamal Hartenstein, JD, CISSP, CGEIT, PMP

(ISC)², a leading cybersecurity and IT security professional organization, is holding their annual Security Congress event in Orlando in a few months. At the conference, I will be presenting a panel called “Behind the Text: Laws on Data Privacy, Consumer Rights and Cybersecurity, Deconstructed.” Today I am sharing a little bit of insight into what I will delve further into at the (ISC)² event.

Data privacy and cybersecurity laws shape many aspects of an organization, from influencing the operational decisions an organization makes to the way IT security professionals do their jobs.

The purpose of data privacy laws is to provide regulatory compliance measures to protect personal data—depending on the industry, this could be the data of consumers, customers, private citizens, or others. Typically, the laws align with IT security frameworks (often created by academics or other experts) and companies write their data privacy policies to comply with laws and adhere to frameworks.

But, what’s missing? When you deconstruct the text of the laws that govern an organization’s industry—think private sector financial, health insurance, banking, etc.—you may find loopholes or obligations you didn’t know existed. Organizations can save themselves a lot of time and money by understanding the scope of their legal obligations.

Legislation is increasingly shaping the IT security professional’s field. Some laws that currently govern IT security have been on the books for 100+ years, but only recently have been interpreted to cover data privacy and cybersecurity violations. These changing legal interpretations, along with the new laws being put on the books, means that there’s a level of legal understanding that can be daunting for organizations and the security professionals they employ. Collectively, we need to dissect the wording used in the popular data privacy and cybersecurity laws and break it down so IT professionals can truly understand what we’re working with.

As an IT Security professional, I understand the threats, technology, and strategies to mitigate threats. Having a legal background makes it easier for me to understand laws that determine exposure to compliance obligations and laws that influence how I develop strategies. For example, when organizations comply with a deletion request, or “the right to be forgotten” (aka: of your own personal data records held with an organization), this can be an expensive process, especially if the data is on offsite backups and housed with third party data processors. But the law is particularly tricky with explanations on why, how, and when an organization must process a deletion request, or even if the request must be performed at all. Consequently, a lot of time and money can be saved if IT Security professionals understand the text of the laws.

Interested in learning more? During my discussion at the (ISC)² Security Congress, we’ll cover the following:

• Identifying loopholes in laws. For example, whether you must comply with a consumer’s request to be “forgotten”/deleted.
• Identifying widely unknown obligations. For example, the requirement to appoint an EU Representative under GDPR, distinguished from the DPO.
• Understanding the rights of the consumers regarding data privacy provisions and IT security obligations.
• Understanding factors used to determine whether you must comply with data privacy and cybersecurity laws…and to what extent.

Want to find out how to deconstruct and understand security law? Attend my panel at the (ISC)² Security Congress in October—I hope you see you there!

About the Author: IT Security Program Manager at KAI Partners, Jamal Hartenstein is a cybersecurity legal expert who has helped some of the country’s largest financial institutions, healthcare companies, and federal agencies develop their IT Security Roadmap programs. In his current role, Jamal provides guidance to executive staff and security professionals on laws, frameworks, and policies that help shape their strategic plan, and helps organizations innovate safely and securely. Prior to working for KAI Partners, Jamal served as an Electronic Warfare Sergeant in the U.S. Army Military Intelligence Corps, where he was a steward for Defense Information Systems Agency (DISA) framework. He earned his undergraduate degree from Georgia Military College and his Juris Doctorate from University of the Pacific, McGeorge School of Law in California.

By Jamal Hartenstein, JD, CISSP, CGEIT, PMP

I recently had the opportunity to speak to a group of civil servants through the organization, NxtGov. NxtGov is a professional network for people working in California public service, and those who are interested in public service. According to NxtGov, “We want to develop this network into a platform for collaboration across government and other sectors to develop innovative ideas to improve government service and restore trust and pride in public service.”

To achieve their mission, NxtGov promotes training and advancement of current government workers and actively recruits new talent. NxtGov adds value with opportunities on how to find and apply to government positions and training on how to sharpen skills to promote within.

My discussion focused on improving understanding of the Information Technology workforce within the public sector, including information on the different certifications and skills-building that might be beneficial. With so many public sector agencies undertaking large system replacements and other innovation projects, skilled IT professionals are needed now more than ever. And, IT professionals with different backgrounds—like project management and change management—are just as much in demand.

Interested in learning more? Here are some Q&A on IT certifications and professional development:

1. Do I need an IT certification? Considering all the letters behind my name, I definitely think certifications are valuable! Plus, certifications are often mandatory checkboxes when applying for government positions. Even if it’s not mandatory, a certification can indicate to employers your interest in and dedication to a particular industry. A certification can also validate years of experience and capability.
2. Which certification do I need? First you need to determine which certification is most valuable to you and your goals. A certification is only as strong as the certificate authority and how you use your credential. Remember that earning a certification often allows you to gain access to and participate in a new online community with membership by the certification authority. Resources will become available that otherwise were not offered, which only aids in your continued development.
3. Is a PMP® an IT certification? Short answer: Yes! Many of us have been involved in IT project management, but just didn’t know it. A PMP® credential is a valuable IT certification and as of July 2019, there are nearly 900 open project management jobs in the Sacramento region. (Bonus: The average IT Project Manager position pays upwards of $95K annually).

The future of IT in the public sector is great and growing. Whether it’s through cloud migrations, third party software replacements, or an innovation we haven’t even thought of yet, now is the time to start taking your professional development up a notch. For a sustainable IT career, you should keep up with new certification and training and make sure you don’t stay stagnant in a position that isn’t growing along with the speed of technology.

How are you navigating the IT changes in the public sector? Be sure to check out NxtGov to learn more about the important work they’re doing to help improve government services.

About the Author: IT Security Program Manager at KAI Partners, Jamal Hartenstein is a cybersecurity legal expert who has helped some of the country’s largest financial institutions, healthcare companies, and federal agencies develop their IT Security Roadmap programs. In his current role, Jamal provides guidance to executive staff and security professionals on laws, frameworks, and policies that help shape their strategic plan, and helps organizations innovate safely and securely. Prior to working for KAI Partners, Jamal served as an Electronic Warfare Sergeant in the U.S. Army Military Intelligence Corps, where he was a steward for Defense Information Systems Agency (DISA) framework. He earned his undergraduate degree from Georgia Military College and his Juris Doctorate from University of the Pacific, McGeorge School of Law in California.