itSynergy: Blog

How RIDM Keeps Your Managed IT Services Spend in Check

A client called asking why a specific anti-virus and endpoint security software solution was not included in their managed IT services solution.

I was flummoxed by the question. Why did he want to throw his money at that?

It is a great enterprise product, but a poor fit for his small business. A free solution we recommended 4 weeks earlier offers better ROI for him based on his size and risks.

To explain how risk-informed decision-making (RIDM) led us to the free recommendation and why we prioritized it over exceptional cybersecurity software, we need to hit rewind.

The Timeline of a Preventable Email Hack

About 4 weeks before the phone call, we had a strategic business review with the client. This included the results of the comprehensive risk assessment we conducted for them. It’s an evaluation we regularly conduct and review with our clients.

The 100+-point analysis typically generates a long to-do list

No client can, or should, try to implement everything at once. Our virtual Chief Information Officer (vCIO) reviews the list and selects the 5 to 10 most impactful action items for the client.

These are further prioritized as high-, medium-, and low-priority recommendations.

This client had 6 high-priority recommendations

One high-priority recommendation was turning on multifactor authentication (MFA), available through their existing Microsoft 365 subscription.

We offered 2 options for implementing MFA:

  • White glove, do-it-for-you service (for a fee)
  • Free PDF walking through how to turn the feature on

They chose the free PDF

We sent off the instructions and told them to ask us if they had any questions.

We didn’t hear back until about 4 weeks after the meeting

The owner’s email was hacked. As we examined his IT environment and restored security, he started asking questions about a well-known anti-virus and threat-detection product.

We could have purchased and installed the software – we did not

You Cannot Be Reactive About Your IT

Reactive IT decisions rarely improve security, operations, productivity, or business in general. To see why, think about the client’s desire for enterprise-grade anti-virus and threat-detection software.

The client asked about a legitimately great product

Except that buying it would waste his money. The software is a poor fit for his business and will not prevent the issue from recurring.

The recommended MFA solution is built into his Microsoft 365 suite

When the assessment showed the client did not have MFA enabled, it automatically shot to the top of our high-priority list because MFA is:

Highly effective

Even if hackers get your credentials, they do not have access to your second factor of authentication and remain locked out of your account.

Low, or no, cost

Your business probably already pays for it through Microsoft 365. Other versions are very affordable.

(Transparency note: Occasionally we recommend a different MFA solution, but in this case we knew the Microsoft version would achieve the security objectives for the client.)

The Timeline of a Hack With a Reactive Managed Service Provider (MSP)

Let’s quickly replay the scenario under different circumstances.

The business owner and MSP never meet to talk about aligning IT and business strategy.

At some point, the business owner’s email credentials are compromised and the organization is breached.

Post-hack, the business owner hears about a piece of cybersecurity software.

They angrily call up their MSP, wondering why they don’t have it. The MSP agrees it’s a great product.

The MSP purchases and sets it up on behalf of (and at great cost to) the client.

4 months later, another member of the C-Suite is dealing with an email breach.

The irate client calls the MSP.

They want to know how this happened, again, after the cybersecurity software was installed.

The MSP explains the software cannot stop hackers who have passwords.

That is what reactive IT yields – wasted money.

You purchase products your business does not need. Problems endlessly repeat because you do not resolve the root cause.

Stop reacting to IT problems

Use risk-informed decision-making (RIDM) instead.

3 Ways RIDM Protects Your Business and Your Budget

In risk-informed decision-making, you systematically consider the likelihood and potential impact of risks. Gathering and evaluating this data allows you to make informed choices, which benefits your business.

1. Address high-probability risks, not low-likelihood outcomes

At itSynergy, we’re focused on addressing the biggest risks our clients face first. We liken it to securing a house. There’s no point worrying about the unlocked window on the third floor if your garage and front doors are wide open.

2. Eliminate costly distractions

It’s easy to fall for a slick marketing campaign about the latest device or become convinced you need the highest-grade cybersecurity solution.

3. Experts advise you every step of the way

RIDM strikes the balance between an IT provider who leaves all decision-making to you and one who tries to dictate which services and processes you use.

You’re in the driver’s seat, but your passenger has a map

They’ve marked out the routes you can take and offer the pros and cons for each. You have full control, and all the information you need to make the right choice based on your circumstances.

How Does itSynergy Use RIDM With Clients?

IT is only one part of risk management. To help clients fully navigate risk, we look at more than hardware or software. Our risk assessments evaluate 100+ different things across 17 broad categories:

  1. Backup
  2. Business
  3. Data Protection
  4. Endpoint Protection
  5. Environment
  6. Hardware
  7. Identity
  8. Internal Security
  9. Mobile/BYOD
  10. Network
  11. Perimeter Security
  12. Public Facing Services
  13. Remote Access
  14. User Security
  15. Vendors/Partners
  16. Vulnerabilities
  17. Wireless

Post-assessment recommendations are based on the findings

We carefully analyze the risks identified while keeping in mind our clients’ operations and budget. The result is a tailored set of relevant recommendations. We review the findings together and you decide what you will tackle and which risks you find acceptable.

Then our IT consultants work on the mutually agreed-on priorities.

Your IT Budget Is Finite, Use RIDM To Spend It Wisely

Are you ready to partner with an experienced technology professional who thinks holistically about your business? Someone who will help you focus on high-impact areas and make better decisions?

Call us to hear how we will put in place a logical, structured process that determines and prioritizes risks in the best way to protect your business and budget.

itSynergy

itSynergy has been providing managed IT services and outsourced technology management to small- and mid-sized businesses for over 20 years. We are seen as trusted technology advisors by clients because we partner with them for success. Our philosophy is that when technology works as it should, it supports and enhances an organization’s ability to accomplish its goals and objectives and meet business growth goals.