Free Security Training = More Security Sales
The following article appeared in ChannelPro Network
Want to increase the number of security solutions your clients purchase? Give them something of value up front for free. By Art Gross
In the spirit of “go-giving,” some MSPs provide valuable information to prospective customers that can make them more receptive to additional conversations later on.
Top 5 Cyber Risks for Businesses

Travelers Insurance put together the top 5 cyber risks for businesses. There are no surprises in their list. They not only look at each risk but give associated costs with each risk. Let’s take a look at the top risks.
Cyber Risk #1: Human Error: Lost and Stolen Laptops and Smartphones
Everyone at one time has lost or misplaced their phone or laptop. Unfortunately mobile devices are easy to loose.
NYT: No Business Too Small to Be Hacked
The New York Times has a very good article titled: No Business Too Small to Be Hacked. We have been saying for the past few years that businesses of all sizes are vulnerable to cyber-crime. The more examples of real-life, documented cyber-crime the more awareness will be raised. Awareness of risks is critical because many small businesses incorrectly believe they are too small to be a victim of cyber-crime.
FCC fines Cox Communication $595,000 over data breach

According to an article over at The Register, the FCC has fined Cox Communication $595,000 over a 2014 data breach.
Hacker disguised as IT support
The breach in question occurred in August of 2014 when, the FCC says, a hacker called “eviljordie” phoned Cox customer service claiming to be an employee in the company’s IT department. After tricking the call-center staffer into visiting a fake support website and entering their username and password, the hacker used the login details to access Cox’s customer database.
Prevent Employee Cyber Theft with Data Breach Prevention

The Computer Fraud and Abuse Act CFAA is not a very widely known piece of federal legislation but could help companies that have been victims of employee or ex-employee theft of digital information.
According to an article over at Fox Rothschild LLP the CFAA can be used to help companies that have had employees or ex-employees steal or access unauthorized information.
A Case Study on Dridex Banking Malware
A form of malware called Dridex is targeting finance employees at small to midsize companies. The criminals are sending emails with Microsoft Word and Excel attachments. The emails are very targeted and trick the employee into opening the attachment.
Inside an SMB Hack

In a Verizon Data Breach Investigations Study, they found that 71% of breaches occurred in businesses with less than 100 employees. You would think that Small to Midsize Businesses (SMBs) would be very worried about security. And many SMBs might be worried but for the majority they just don’t believe that they need to worry or that they could be a victim. One of the issues is that we typically hear about large corporations experiencing a data breach (Target, Home Depot, Sony, etc.).
Ransomware using Remote Desktop to spread itself
According to an article over at SC Magazine, hackers are using brute force to crack their way into Remote Desktop / Terminal Servers and installing a CryptoLocker type malware that is encrypting the files on the server.
Employees are the biggest security threat

There is a very good article over at the Grand Forks Herald that makes a compelling case that employees are the biggest security threat a business has.
Steele says the No. 1 threat to a company’s network security today is its employees. It’s been his experience that “breaking into a network is much more difficult that breaking into a person.”
“Trust is very deeply ingrained into our psyche. The easiest way for an attacker to get into a network is to break that trust,” he said.
MSPs: If your client has a data breach they will blame you

As we talk to potential MSP partners and give presentations at ASCII and MAXfocus events, we are starting to hear a common message:
I worried about providing security services to my clients because they may hold me legally responsible if they have a data breach.
You can understand why MSPs might think that not discussing security would help them avoid legal liability. No one wants to be in the position where they told a client “if you implement these security measures, you will not have a data breach”. Then if the client does have a data breach the MSP bears the responsibility.