As a business owner, you might be tempted to entrust your website developer with managing your domain registration and DNS hosting. After all, they are experts in web development and can help you choose the right website host for your business. However, in my experience, this is not a good idea. In this blog post, I will explain why you should not let your website developer manage your domain registration and DNS hosting.

DNS is an attack surface for threat actors.

DNS is an essential component of your online presence. It is responsible for translating domain names into IP addresses, which allows users to access your website. However, it is also an attack surface for threat actors. Cybercriminals can use DNS to launch various attacks, such as DNS spoofing, DNS hijacking, and DNS amplification attacks.

In my experience, web development shops do not have adequate security controls around managing Registrar and DNS accounts. It is not uncommon for web developers to manage many domains for multiple customers in one account to which many people have access. This makes it easier for cybercriminals to compromise your DNS and launch attacks against your website.

Web developers typically do not fully understand DNS.

While web developers are experts in web development, they do not all fully understand DNS. Those who don’t understand the complexities of DNS may inadvertently make mistakes and misconfigurations that can affect your email, remote access, network connectivity, and overall IT security.

Web developers are rarely available evenings and weekends.

DNS changes may be required outside of regular business hours, such as during office moves or network infrastructure changes. Unfortunately, web developers are rarely available evenings and weekends. This can cause delays and disruptions to your business operations.

Your domain names are your assets,

Your domain names are your assets, and you should maintain control of these assets. By letting your website developer manage your domain registration and DNS hosting, you are relinquishing control of your domain names. This can lead to issues if you decide to switch website developers or if your website developer goes out of business.

In conclusion, you should not let your website developer manage your domain registration and DNS hosting. While they may be experts in web development, they may not have the necessary skills, knowledge, and experience to manage DNS effectively. Additionally, your domain names are your assets, and you should maintain control of these assets. By managing your domain registration and DNS hosting, you can protect your business from cyber threats and ensure that your website is always available to your customers.

Cybersecurity is one of the most critical concerns for small business owners today. A single cyber-attack can bring down a business, causing financial losses, reputational damage, and even legal liabilities. Business owners increasingly turn to cyber insurance policies to help mitigate cyber risk. These policies transfer some risk by providing resources, such as money and services, to deal with data breaches, network outages, and cyber extortion. However, cyber insurance is rarely sufficient to deal with the havoc that can ensue when a small business experiences an incident or breach.

Cyber insurance applications can teach small business owners a lot about effective cybersecurity risk management. Cyber insurance applications have grown from a few questions to many pages of questions as carriers seek to better assess risks based on the cybersecurity posture of their customers. This blog post will explore the key lessons that small business owners can learn from the questions asked on a cyber insurance application.

Current cyber insurance applications focus on the following topics:

  1. Endpoint Management
    Endpoint management refers to the management of laptops, desktops, servers, and mobile devices. Cyber insurance applications focus on endpoint management because endpoints are often the entry point for cyber attackers. Implementing endpoint management practices such as vulnerability scanning, patch management, and device encryption.
  2. Phishing Prevention
    Phishing is a type of cyber-attack where attackers use social engineering techniques to trick users into divulging sensitive information such as login credentials or credit card details. Phishing attacks are widespread and can be devastating for small businesses. Cyber insurance applications focus on phishing prevention because it is one of the most common types of cyber attacks. Small business owners can implement phishing prevention measures such as employee training, email filtering, and multi-factor authentication.
  3. Identity Management
    Identity management refers to managing user identities, access rights, and privileges. Identity management is critical for ensuring that only authorized users can access business data and networks. Cyber insurance applications focus on identity management because compromised user credentials are a common entry point for cyber attackers. Small business owners can learn from this and implement identity management practices such as password policies, enterprise password managers, user access control, and single sign-on (SSO).
  4. Data Backup Solutions
    Data backup solutions refer to the process of creating copies of business data and storing them in a secure location. Data backup solutions are critical for ensuring business continuity during a cyber-attack or other disaster. Cyber insurance applications focus on data backup solutions because they are critical for mitigating the impact of a cyber-attack. Application questions center around the segregation of backups because insurance companies know that cybercriminals will delete or encrypt backups if they can access systems. Small business owners can learn from this and implement data backup solutions such as cloud backup, offsite backup, and developing disaster recovery plans.
  5. Endpoint Detection & Response
    Endpoint detection & response refers to the process of detecting and responding to security incidents on endpoints through software and monitoring services. Endpoint detection & response is critical for detecting and responding to cyber-attacks before they cause significant damage. Cyber insurance applications focus on endpoint detection & response because it is a critical component of effective cybersecurity risk management. Small business owners can learn from this and implement endpoint detection & response measures such as threat hunting, incident response planning, and security monitoring.

The good news is that most IT-managed service providers and managed security service providers offer services to cover 100% of the risks cyber insurance companies focus on. If you cannot mitigate your cyber on your own, fast-track your risk mitigation and insurance readiness by contacting a managed security service provider like Go West IT.

Go West IT turns 13 today, and as we reflect on how far we have come, we want to thank our talented team, supportive vendors, and amazing customers for joining us on this incredible journey.

In these 13 years, Go West has gone from a small 4-person IT company to a robust 40+ person cybersecurity obsessed Managed Service Provider. While every step along the journey is significant to who we are and where we are going, we have laid out some of the stand-out moments.

May 15, 2010 – Go West IT was founded with four employees and a handful of great customers.

2011 – Go West IT makes a concerted shift from supporting and recommending on-premises server infrastructure to exploring a cloud infrastructure alternative.

2012 – Go West experiences significant growth in its customer base, including a concentration of customers in the financial services space.

2015 – Go West IT moves into new office space to accommodate a growing staff and to meet the support and cybersecurity needs of the company’s growing customer base.

2015 – Go West IT completes an extensive infrastructure “lift and shift” from a private data center to a public cloud (Azure) for a new customer.

2015 – After identifying and calling out a supply chain security weakness, Go West IT becomes a Microsoft Direct Cloud Solution Provider (CSP), a status normally available only to much larger organizations.

2016 – Go West IT engages an audit firm to prepare its first SOC 1 Type II audit.

2016 – Go West IT hires the company’s first full-time technical account manager(s), MSP Administrator, and adds multiple technical manager roles.

2017 – Go West IT completes the company’s first SOC 1, Type II, and SOC 2, Type II audits

2017 – Go West IT was recognized as Microsoft SMB West Region Azure Partner of the Year at Microsoft’s annual partner convention.

2017 – Go West IT adds additional office space as staff and customer base continue to grow.

2017 – Go West IT starts shifting from a traditional Value-Added Reseller and “Break-Fix” IT support provider to an IT Managed Service Provider.

2018 – Go West IT doubles down on cybersecurity focus and begins implementing cyber-specific managed service offerings to combat a growing threat.

2019 – Go West IT has another significant growth spurt and builds a leadership team to guide the company through the next phase of growth and development

2020 – Go West IT executes a new lease for expanded office space in January 2020, and the CEO moves into the new space, designed for 50, in May 2020 while most other employees work from home.

2020 –Go West IT’s customer base is particularly well-positioned to deal with the pandemic because they have moved to cloud-centric platforms or previously built solid and secure remote access solutions.

2021 – Go West IT experiences modest growth through the pandemic while maintaining the exceptional staff built in the prior decade with no layoffs and no disruption to operations.

2022 – Go West IT completes the sixth straight successful SOC2, Type II audit and sees another surge in customer and revenue growth.

2022 – Go West IT promotes Tom Hynek to the role of President, the first time this role has been held by someone other than the Founder.

2023 – Go West IT is the MSP of choice in the Denver market with customers across the United States and beyond. Go West IT has a staff of 43 with two open positions at the time of this re-cap.

At Go West IT constant improvement is one of our core values, so we know that this journey is just beginning. We are looking forward to continuing our mission of helping companies benefit from technology by guiding them to opportunities and protecting them from harm.

Join us in celebrating 13 years of Go West IT!

Microsoft Teams is a collaboration platform that provides users with a wide range of tools to communicate and work together effectively. One of the key features of Microsoft Teams is the ability to integrate and manage Microsoft SharePoint storage. Here are some reasons why Microsoft Teams is a great tool to manage Microsoft SharePoint storage:

  1. Permissions Management: SharePoint fails often come down to folder structure and permission management mistakes. Teams makes SharePoint file structure and user permissions a snap for less technical users. Simple add or remove users from a “Team” to grant or remove their ability to access the files for that Team.
  2. Seamless Integration: Microsoft Teams integrates seamlessly with SharePoint, making it easy to access, store, and share files. Users can access and collaborate on SharePoint files directly within Teams, without having to switch between different applications.
  3. Easy Sharing: Microsoft Teams makes it easy to share SharePoint files with other users within an organization. Users can easily share files and folders with others, collaborate on projects, and track changes to documents in real-time. For users who prefer the “old school” approach of accessing files using Explorer, simply “sync” a SharePoint folder to your Explorer using OneDrive (Microsoft’s built-in personal storage and sync tool).
  4. Centralized Storage: SharePoint provides a centralized location for storing files, which can be accessed from anywhere within an organization. Microsoft Teams provides a convenient and user-friendly interface for accessing and managing SharePoint storage, making it easier for users to find the information they need.
  5. Improved Collaboration: Microsoft Teams makes it easier for teams to collaborate on projects and share information. Users can use Teams to have real-time conversations, make comments on files, and share updates on projects. This can help improve collaboration and increase the productivity of teams.
  6. Secure Storage: SharePoint provides secure storage for files, which helps to protect sensitive information. Microsoft Teams adds an additional layer of security to SharePoint by providing a secure platform for communication and collaboration. A Microsoft 365 backup solution added by your Managed Service Provider provides peace of mind that your data is protected in the event of inadvertent or malicious deletion.

The seamless integration between Teams and SharePoint, combined with the ease of permissions management, file structure design, sharing, centralized storage, improved collaboration, and secure storage, make Teams a valuable tool for organizations looking to manage their SharePoint storage effectively. Contact Go West IT to help you leverage your Teams solution.

Choosing a Managed Service Provider (MSP) can be a critical decision for a business. MSPs provide essential IT services to help businesses manage their information systems and data effectively, and to provide protection from harm found in the digital frontier. To ensure that a business selects the right MSP, it is important to consider the MSP’s security posture, SOC 2 Type II audit, service offerings, and end user support capabilities. 

Here are 4 factors to consider when choosing an MSP: 

  1. Security Posture: A business should look for an MSP with a strong security posture. This means that the MSP has robust security protocols, systems, and processes in place to protect their own systems and their customers. A business can assess an MSP’s security posture by asking some simple questions.
    • First, ask if they use all the products and services they recommend to their customers. 
    • Second, ask them to describe how they manage security of their systems and look for indications that they have a process in place for continual review & improvement (i.e., assessments, policy review and updates).
    • Third, ask about how they are prepared to deal with a potential breach of their systems or a breach of a customer’s environment. If they can talk through the answers clearly with substantive examples, chances are, they spend time working on it internally. If the MSP stumbles and cannot provide substantive answers, ask to speak with someone further up the chain of command and if you can’t get good answers, look elsewhere. 
  2. SOC 2 Type II Audit: An MSP’s SOC 2 Type II audit provides assurance that the MSP has the necessary security controls and processes in place to secure the data and systems of their clients. This audit is conducted by an independent auditing firm and provides a thorough assessment of the MSP’s security posture. Not every MSP will have a SOC 2, Type II audit. Those that do have made significant investments in controls and are audited annually on the adequacy of their controls and how well they adhere to the controls throughout the one-year audit period. 
  3. Service Offerings: A business should consider the services offered by an MSP to determine if they meet the business’s needs. For example, the MSP should offer device patching, endpoint monitoring and management, and data backup and recovery services. Talk about what labor is “in-scope” and what labor is “out of scope”. Figure out if the bundle of service an MSP offers fits with the needs of the business. Can the MSP articulate what is included, or does the MSP struggle to justify the value of their services. An MSP with a higher price per device or higher price per person might have a more robust service offering (bundle) that includes things other MSPs might tack on after the sale.   
  4. End User Support Capabilities: A business should look for an MSP with strong end-user support capabilities. This means that the MSP should be able to provide fast, efficient, and effective support to the business’s employees. The MSP should also be able to effectively provide remote support to resolve issues quickly. Ask about how the deal with calls outside of normal business hours.  

By considering the MSP’s security posture, SOC 2 Type II audit, service offerings, and end-user support capabilities, a business can ensure that it selects an MSP that meets its needs and provides essential IT services, including security, to help manage its information systems and data effectively. 

With so many options to choose from, it can be difficult to select a new PC or laptop that will meet your needs and perform reliably over the next few years. You may be familiar with the terms “business class” and “consumer grade” hardware but are not entirely certain of the differentiators. We have provided an accessible list that will help you and your users identify which choice is better for your organization.

Business Class Hardware

  • Business class hardware is built to withstand the rigors of a full work week. PCs and Laptops are built using the same components throughout the lifecycle of each model.
  • Laptop battery life is optimized to last throughout the workday. 
  • Business class hardware is highly configurable and built to last, including 3-year on site hardware warranties. 
  • Laptops are fully compatible with business class docking stations, providing access to dual monitors, additional ports, and charging.

Consumer Grade Hardware

  • Consumer grade hardware is designed to meet a specific price point set by the manufacturers marketing department. 
  • Components will vary based on availability. and configurations are limited to a few specific options (price points). 
  • Often loaded with unnecessary applications, trials, and demos (bloatware), these models will require additional setup time to remove those sometimes dozen or more unrequested applications. 
  • Consumer grade hardware typically includes a 1-year “mail-in” warranty vs 3-year onsite service.

While selecting a consumer grade product can appear more practical for your budget, it can end up costing the company more in the long term. If you are looking to buy new hardware for your company and are unsure which models will work best for your users, Go West IT maintains partnerships with Dell, Microsoft, Lenovo, and other business class hardware vendors. Our account manager and procurement team are here to ensure that your company acquires the right tools for your specific needs. Please reach out with any specific questions or hardware requests. Acquiring the proper equipment will help to ensure lower support costs over the lifetime of the hardware.

August 1, 2022 – Go West IT is pleased to announce the promotion of Tom Hynek to the role of President. In this new role, Tom will oversee daily operations, service and product development, as well as facilitate continued collaboration and growth of the Go West IT team.

Since joining Go West IT in 2017, Tom has quickly advanced through positions with progressively more responsibility. He has demonstrated strong leadership skills, excellent character and is poised to guide Go West IT into this next phase.

I’ve thoroughly enjoyed my first 5 years at Go West IT and I’m thankful for the opportunity to continue to watch our talented team evolve and seek out challenges in an ever-changing cybersecurity landscape,” said Hynek. “I’m proud to work with a team that truly lives and breathes our core values, while supporting and protecting our customers.

Tom succeeds David Lewien, Go West IT’s founding President, who will shift into a new role as CEO, focusing on strategy and business development. David will remain deeply involved in stewarding Go West IT into the future.

I am appreciative of what Tom has already done for Go West IT and excited for what he will bring as our President,”  said Lewien. “I look forward to continuing work as our CEO, shoulder to shoulder, with our leadership team to make Go West IT the very best MSP, period. This is an incredible group of people focused on empowering people, solving problems, and protecting livelihoods.

At Go West IT, our mission is to guide customers through secure digital transformation by providing access to industry leading platforms and highly skilled technical resources. We succeed at this mission by embracing constant improvement, a willingness to tackle tough challenges, and caring about our people and customers.

With that, please join in congratulating Tom on this new role.

Did you know that every business is at risk for a cyberattack? The only difference is how much risk and what impact it will have to your customers and employees.

No matter the extent to which your business is at risk, all organizations should be aware of the potential dangers and take measures to mitigate these dangers. Many business owners know they are at jeopardy but are unclear on what steps they should take. Refusing to act leaves the business, employees, and your customers vulnerable.

Even if the possibility that your business experiences a cybercrime is low, we encourage you to not take it lightly. Attacks are increasing in efficiency, sophistication and spread. Cyber criminals are rarely pursued or caught, due in part to both the sheer volume of crimes relative to criminal justice resources, and often the lack of awareness from businesses that they have even been attacked.

At Go West IT we help our customers mitigate these attacks every day and have firsthand knowledge of the fallout some organizations experience. Executives, managers, and even IT professionals often discount the risk, or decline to address it further.

This article identifies the top 5 reasons why businesses ignore their cyber risk, along with actions that your business can take despite these barriers.

Download the full article here.

Contact Go West IT today to learn more about how our team can assist your business tackle cyber risk.

It was not that long ago that cyber insurance was something only purchased by large companies with a heavy reliance on data processing. Today, cyber insurance is something that many small businesses carry, and every small business should consider. If a business has the support of a cyber insurance carrier it creates a safety net in the wake of a cybercrime incident.

Cyber insurance claims most often result from a business falling victim to cybercrime such as ransomware, data theft, or payment fraud. In these situations, the cyber insurance carriers should be brought to the table as soon as possible. Cyber insurance carriers create policies to include resources in the form of services to help minimize potential losses. These services include incident response, forensic investigation services, remediation, business resumption services, and even ransomware negotiation services. They do this because they understand that the manner in which a business responds to an incident can help minimize potential loss.

Cybercrime events can take a heavy toll on business operations, along with a substantial mental toll on business leaders, most of whom do not possess the skills and tools required to deal effectively with a cyber incident. Go West IT has experience dealing with cyber events both with the aid of an insurance carrier and without and have seen the difference that having an insurance company in your corner can make. It can turn a stressful and potentially costly event into a manageable business obstacle.

Check out Go West IT’s full article regarding cyber insurance.

Cyber Insurance article thumbnail

Contact Go West IT for more information.