10 Signs Your IT Security is Set to Fail

On a snowy night in January, at a restaurant in downtown Toronto, Hector Kearns, the CTO of Kearns Technology, gave us some scary insights into what he does at work every day. (He’s pictured above during our dinner.) As a web security expert, Hector spends his time battling cyber criminals and rogue states waging undeclared war on North American commerce. He designs defense strategies to repel their attacks, but on this night, he sounds like the boy with his finger in the dike. Hector can see firsthand how we’re losing the conflict.

Mr. Kearns puts crypto crime and ransomware attacks at the top of the list, identifying these breach-events as the fastest growing and most dangerous type of cyber incidents, with worldwide cost estimates projected to reach USD $30 billion this year (CrowdStrike). “It’s the largest ongoing calamity in the history of the world.” Hector says the ransoms paid out in 2025 will be larger than insurance payouts for all natural disasters, and cybercrime is now more profitable than the drug trade.

Yet Most Companies Are Still Doing Business As Usual

Hector works at Kearns Technology, which is headquartered in Toronto and offers managed IT services across Ontario. The company offers the same IT services in Montreal, and in his role as CTO, Hector has lots of experience auditing business IT networks and designing custom security solutions. He tells us how he regularly meets with large companies and gives the same speech, but most corporate executives are slow to act and seem unwilling to allocate the time and money required to keep their organization safe.

10 Indicators Your IT Security is Subpar

When asked where to begin, Hector tells us that cyber resilience requires two key elements: first, knowing where sensitive data lives (to protect it, yes, but also to quickly restore business operations in the event of a breach), and second, creating security policies to prepare the organization for every threat imaginable. A good provider offers a mix of proactive monitoring, quick incident response, and ongoing training. Great IT security providers write clear reports on their actions and eagerly work with your teams to jointly conceive long-term security plans.

1. IT Security Solution Basics

Many technology companies are run by mathematicians who seem incapable of writing comprehensible reports. Managed Service Providers (MSPs) offering IT Security should do more than simply stand watch. Account managers should be available to help your firm comply with Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Your provider should check to see if you’re meeting these rules at the start of your relationship and throughout your contract cycles. They’ll know how you collect and store customer data and ensure you have the right notices on your website. Here are questions to ask:

  • Does your IT Security solutions provider take time to understand your business?
  • Are representatives of this company always available when you need help?
  • Can the company’s representatives explain complex technical issues in simple terms?

2. Proactive Threat Monitoring

A top-notch managed IT services provider will offer proactive threat monitoring to protect your systems. This involves continuous surveillance and quick responses to potential security risks. Look for MSPs that monitor all of your systems: your office computers, of course, but also external networks and cloud services. The top firms have trained staff who are always on duty and can react fast if they see a problem.

Round-the-clock monitoring is key to strong cybersecurity, and the best practitioners use software to spot unusual activity, which usually means strange login attempts or unexpected data transfers. Quick action can sometimes stop attacks before they cause any real damage.

Many providers use Artificial Intelligence (AI) based software and machine learning in their monitoring to spot patterns humans might not observe right away, and these systems improve over time.

3. Real-Time Threat Detection

Your company’s IT Security solutions provider should use up-to-date threat intelligence software and real-time threat detection systems which are tweaked to spot issues as they happen. Successfully blocking attacks helps the system recognize offenders and neutralize future attacks. This type of software should be deployed to constantly scan your systems and check for known malware and suspicious behavior. Good detection systems can spot both common and rare threats. Additionally, a top-notch security provider should issue clear alerts about such threats, and they should explain what exactly they found and why it’s so risky. They should also suggest and install the necessary remedies.

4. Regular Vulnerability Scanning

Vulnerability scanning looks for security holes in your network. A top provider does this frequently, maybe weekly or monthly. They aggressively check computers, servers, and other devices to pinpoint outdated software and weak settings, as well as missing security patches. After a scan, you should receive a report of the issues found and there’ll always be something to improve. Your provider should explain your firm’s shortcomings and prioritize their to-do list to fix the most urgent problems first. This ongoing process of continuous improvement is what’s required to help maintain a robust defense.

5. Advanced Penetration Testing

Penetration testing, or pen testing, simulates cyber attacks and should be done at least once every year. Ethical hackers employed by your IT security provider will try to break into your system using the same equipment, software, tools and tactics as a real-life hacker. Pen testers might try to guess passwords or exploit software bugs, and many use social engineering tactics to glean more information they can use to increase their chance of success.

After any real-world tests, you’ll receive a detailed report that shows the pen-testers’ progress and it will highlight any useful findings and suggest ways to correct any perceived weaknesses. Such testing measures your true security level and finds problems which regular scans might miss. A good provider uses these results to improve their defenses.

6. Custom IT Security Strategy

A top-notch cybersecurity provider will take the time and spend the resources required to create a tailored plan for your business, and they’ll look at your specific needs and risks to build an effective strategy. There are four types of information security: network security, application security, endpoint security, and data security. Safeguarding each aspect with different defences can play a critical role in protecting valuable assets and ensuring the confidentiality, integrity, and availability of information.

7. Tailored Security Policies

Good IT security providers make different rules for different levels of your operation and will not take a one-size-fits-all approach and force it on all employees in every department. Instead, they’ll learn about your company’s setup and staff roles and check the technology your business uses and your workflow. Different industries have their own security requirements. US healthcare companies must follow HIPAA, and banks have PCI DSS for credit card data. Your provider should know the standards for your field, determine which data needs the most protection, and work down the list of priorities. Based on these requirements, they create custom policies which make sense for your operations. They’ll set new password rules and appropriate data-handling guidelines, fit new access controls, and update all policies as your business grows and changes. This is the recipe for robust IT security protocols.

8. Risk Management Planning

Insightful IT security providers help business administrators plan for disaster and do not simply react to problems as they appear. They anticipate failure and plot responses to best overcome worst-case scenarios. They test new attack software and new defenses to block smarter attacks. They explore and develop better ways to back up data and deploy the necessary equipment and protocols they know will keep your business safe without wasting money on things you don’t need. The right provider has a solid incident response plan ready to go which lays out clear steps for handling different types of cyber attacks, covering who does what, and when, and what’s the best messaging and why.

9. Advanced Technical Solutions Before & After IT Security Breaches

A top cybersecurity-focused managed IT services provider offers cutting-edge technical solutions to protect your business before attacks happen. They use the latest tools and methods to protect your systems and quickly isolate and contain threats. They’ll implement new ways to gather evidence and new methods to remove the attacker before any real damage is done. They’ll work to design processes to get systems up and running safely, and they’ll test these plans in real time. They’ll make sure everyone knows their role, which helps your teams act quickly and effectively when incidents do occur.

Post-incident analysis and reporting is necessary to conduct deep dives into the particulars surrounding each incident. Experts will examine what happened and what was affected and how to prevent similar attacks in the future.

What will the analysis determine? First, it will assess how the attacker got into your systems. Next, it will look at what exactly was affected. The final report will state how long the attack lasted and what data was put at risk. The findings are shared with managers, legal representatives and PR communication teams if necessary.

10. Continuous IT Security Education, Training and Testing

Hector stressed the need for on-site training. A top cybersecurity-managed IT services provider sharpens their client’s frontline team by providing ongoing training to stay ahead of the curve with regards to new threats. 

Employee Security Awareness training is critical to teach staff how to spot phishing emails and avoid the risk. Good practitioners will send regular reminders about password safety and data protection. Employees should learn to report strange activity immediately and be tested on their reactions. The diligent IT security provider provides clear steps for handling sensitive information and explains why each security rule matters.

Regardless of your company’s size or sector, your firm’s data is blood in the water for criminal sharks. If your enterprise hasn’t taken any precautions, it’s just a matter of time before your money will be added to the trillions.
