( read )

Big Internet, Small Business: Managing Cybersecurity Risk During a Pandemic

By Cristina Garza

Allan Jocson, founder of Agilitec Managed IT Services, is next up in our client spotlight, where we highlight people and businesses that thrive by helping others achieve their goals. I’m always thrilled to share the insights my clients have gleaned from their success in supporting small businesses. Be sure to read to the end, as Allan has an incredibly special offer for all businesses affected by the pandemic. I hope that you enjoy this post and get something useful from it!


Watch the interview...




Cybersecurity is an increasingly challenging area for small businesses to manage on their own. Which is where Allan’s company, Agilitec, comes in-- They help businesses in New York, Las Vegas, and San Francisco implement what they call “the modern workplace.” Because security is inherently inconvenient, Agilitec begins by helping clients make clear-eyed decisions on where they want to strike the balance between convenience and security. With a custom-tailored, security-focused approach, Allan and his team provide both classic IT managed services (managed workstations, networking, backups) as well as more modern SaaS (Software-as-a-Service, think Gusto, Xero, Box, et. al.) and mixed-cloud solutions, all based on cutting edge NIST Cybersecurity Framework guidelines


When onboarding a new business, Agilitec will start with Step 1 on the NIST Framework, “Identify.” First they look at the industry they’re in, as it can shape the specific cybersecurity needs of the company. For instance, healthcare providers will require a HIPAA-aware MSP (managed service provider), and other industries may have their own regulatory requirements. From the industry focus they then dive into the nitty-gritty, assessing the situation as it is on the ground. This requires a full understanding of all extant equipment, policies, and procedures as well as a keen eye to what needs to be improved. Critically, they seek to discover how technology is used to make the business more efficient, since that’s the whole point of improving it! As they move through steps 2-5 (Protect, Detect, Respond, Recover) they take what they learned in their discovery and apply best practices to every point of risk, ensuring all that can be done is done. 


When I asked Allan to share an industry horror story, he opted to share a whole category of horror vs. a specific instance: With no regulation and no standards body requiring proficiency, MSPs can vary widely in their overall quality. This has some companies relying on overly risky, “fly-by-night” operations (often solo operators) for a level of security proficiency they can’t possibly live up to. The level of sophistication and endless quantity of emerging cybersecurity threats combined with the prevalence of overly confident MSPs has led to a trend in MSPs themselves becoming targets for hackers. Imagine if the people to whom you gave the kinds to your digital kingdom come to you and say “Sorry, we lost the keys.”  That’s a wicked bad day at the office, guaranteed! 


In order to forestall against this trend, Agilitec employs a CISSP certified security expert as a “vCIO” [Virtual CIO]. This rare certification is sort of like a doctorate in computer security and requires a full spectrum of analysis and rigorous application of best practices. Few small businesses can afford to employ such an expert directly, so it’s useful to have as a resource for those who can’t afford it. 


When asked what else a client can look for to determine whether an MSP is qualified, Allan suggested the following: 


  1. Always ask to talk to their current customers. They should be happy and confident!
  2. Find out what their SLAs (service level agreements) are and how well they meet them.
  3. Determine what % of a company’s tickets are proactive vs reactive (!!!)


As to the third point, a critical difference Allan noted between a proactive and mature MSP vs. a reactive break-fix focused shop is the amount of time spent putting out fires vs. engineering solutions that don’t tend to ignite. :) I found a lot of similarity between this viewpoint and how Accountingprose operates; I feel it is my job to do everything I can to foresee the twists and turns a small business may not anticipate. An ounce of prevention is worth a pound of cure!


Lastly I asked him what he suggests for businesses facing an urgent and unexpected need to enable remote work, especially if they have regulatory or other requirements preventing them from utilizing cloud SaaS providers. It turns out Agilitec is well positioned to help people with such “mixed cloud” requirements, thanks in large part to the expansive regulatory compliance available on the Azure platform [which even the NSA utilizes]. Amazingly, Allan is currently providing free onboarding and even some free project work to businesses struggling with modernizing during this pandemic. This truly is an incredible opportunity to modernize your small business in a professional, security-focused way with a reliable team that offers peace of mind. 


If that sounds like something your small business needs, contact Agilitec today for Secure Technology Solutions For Your Modern Workplace!