We recently returned from a conference attended by over 1200 IT MSP providers from around the World and one of the speakers was Marcus Lemonis (The Profit) who explained that he did not fully understand how valuable IT MSP Providers were, until his company Camping World got hit by a Cyber Security Incident.

He then realized, that despite their best efforts, it’s not a matter of IF you get hit, but WHEN you would get hit.

At Impress Computers we have been building up a Cyber Security Stack and have a multi Layered defense system for our MSP contract customers.

  • Identify problems with our RMM Tools and 24/7 Technicians
  • Protect them with our SentinelOne Anti Virus
  • Fully Enabled Firewalls
  • Email Filtering and Ai Security
  • Phishing Training for Employees
  • Zero Trust Software by Threatlocker
  • Followed by our EDR – End Point Detection and Response 24/7 SOC
  • Backed up by a local and Offsite Backup Disaster Recovery Module by Acronis

If you would like to schedule a FREE Security Assessment then you can find out more here https://www.impresscomputers.com/sittingduck/ 

 

Marcus Lemonis

https://www.marketwatch.com/investing/secfile/15596178

We and our third-party providers experience cyberattacks and security incidents from time to time. For example, in February 2022, we announced that we were experiencing a cybersecurity incident (the “Cybersecurity Incident”) that resulted in the encryption of certain IT Systems and theft of certain data and information. The Cybersecurity Incident resulted in our temporary inability to access certain of our IT Systems, caused by the disabling of some of our IT Systems by the threat actor and our temporarily taking certain other IT Systems offline as a precautionary measure. We engaged leading outside forensics and cybersecurity experts, launched containment and remediation efforts and a forensic investigation, and are working on restoring and enhancing the security of our IT Systems. We are also coordinating with law enforcement. We are in the early stages of this incident and have not determined the full scope or content of our lost or stolen data. We have and expect to continue to incur incremental costs for the investigation, containment and remediation of the Cybersecurity Incident, including legal and other professional fees, and investments to enhance the security of our IT Systems. The containment, investigation, remediation, legal and other costs may exceed our insurance policy limits or may not be covered by insurance at all. We have not yet determined if the Cybersecurity Incident will cause future disruptions to our business or how long such disruption could last. We have also not yet been able to estimate the incremental costs resulting from the Cybersecurity Incident, which are expected to adversely impact our future financial results. Other actual and potential consequences include, but are not limited to, negative publicity, reputational damage, lost trust with customers, regulatory enforcement action, and litigation that could result in financial judgments or the payment of settlement amounts and disputes with insurance carriers concerning coverage.

Despite our security controls and measures, we are vulnerable to threats resulting from malware (for example, ransomware), viruses, misconduct by external or inside actors, social engineering, human error by associates and contractors, as well as from bugs, misconfigurations and vulnerabilities in our software code. We are also vulnerable to further successful cyberattacks, security breaches and disruptions to our IT Systems and our electronic data and information assets, in addition to damage or interruption from earthquakes, acts of war or terrorist attacks, floods, fires, tornadoes, hurricanes, power loss and outages, computer and telecommunications failures and similar incidents. Some of our systems are not fully redundant, and our disaster recovery planning cannot account for all eventualities. The COVID-19 pandemic has also presented additional operational and cybersecurity risks due to the prevalence of work-from-home arrangements.

We expect cyberattacks to accelerate going forward. Threat actors are becoming more sophisticated and difficult to anticipate or deflect as they increasingly use tools and techniques designed to circumvent security controls, to avoid detection, and to remove forensic evidence that may be needed to effectively identify, investigate and remediate attacks. Any errors or vulnerabilities in our IT Systems, damage to or failure of our IT Systems, or significant breach of club member, customer, employee, supplier, or company data, could result in interruptions in our services, noncompliance with certain regulations, substantial negative media attention, damage to our club member, customer and supplier relationships and our reputation, exposure to litigation (including class actions), regulatory investigations, and lost sales, fines, penalties, lawsuits, and increased remediation costs, any or all of which could have a material adverse effect on our business, financial condition and results of operations. Any remediation measures that we have taken or that we may undertake in the future in response to the security incident announced in February 2022 or other security breaches may be insufficient to prevent future attacks.

In addition, the regulatory environment surrounding information security and privacy is increasingly demanding, with the frequent imposition of new and constantly changing requirements across our business. In addition, customers have a high expectation that we will adequately protect their personal information from cyber attack or other security breaches. A significant breach of club member, customer, employee, supplier, or company data could attract a substantial amount of negative media attention, damage our club member, customer and supplier relationships and our reputation, and result in lost sales, fines and/or lawsuits, and new laws such as the CCPA impose statutory damages for certain types of data breaches that affect the personal information of consumers.