Across industries, providing customers with superior experience is essential for success. However, the financial services industry faces unique challenges relative to customer expectations. Chief among these is the unarguable fact that financial services organizations are consistently a top target for cyber threat actors, a reality that exists in tension with the #1 criterion customers use to evaluate financial institutions: security¹.

The Facts: Financial Services Industry and Cyber Threats

Year after year, cybersecurity research reveals the ugly facts. In 2020, the financial services industry was the #1 most targeted industry for cyberattacks². Ransomware attacks plagued the industry in 2021, with 74% of financial services institutions reporting attacks³. Statistics from 2022 show a continued trend of persistent targeting, as the financial services industry ranked #2 for number of data breaches across all industries⁴.

Recent research focusing on threat activity in 2022 revealed that distributed-denial-of-service (DDoS) attacks have become the biggest threat to financial services businesses. From 2021 to 2022, DDoS attacks on financial services companies rose 22% year-over-year, making the industry the most frequently targeted for this type of attack^5,6. Because DDoS attacks disable the targeted company’s IT systems, hackers often use these attacks to extort financial services firms.

The Challenge: Meeting Financial Customers’ Conflicting Demands

What cyber threat actors know about financial services firms is that system downtime sends a clear warning signal to customers. Getting a sense that their bank, lender, or investment firm has weak security can drive customers to close their accounts and switch to a competitor. This pressure can and does influence financial services companies to pay the cybercriminals to regain system functionality. Given that customers rank security as their top criterion for evaluating a financial services institution, it is understandable that financial services firms might go to these lengths.

Compounding the pressure on financial services companies is that some of their customers’ service expectations introduce security risks of their own. Customers increasingly demand access to their financial information through online and mobile platforms, with 61% of customers currently using some form of online banking each week⁷. Offering remote account access enhances customer experience, but at the same time increases the attack surface for threat actors. In other words, it gives hackers a higher number of possible points of entry into the customer’s account and the institution’s network.

Keeping up with customer expectations in the digital age can create conflicting demands on financial services institutions. Customers demand a high level of security from their financial institutions, and they also want mobile and online access for the best user experience possible. Meeting the demands of today’s financial customer requires a rock-solid cybersecurity program, discussed in the next section.

The Solution: A Cybersecurity Posture That Earns Digital Trust

Digital trust is earned by businesses that demonstrate a commitment to keeping customers’ data both private and secure. Key elements of a solid security program include:

• Identity & Access Management (IAM): IAM allows a financial institution to carefully guard remote access to its network and data. Because IAM includes explicit verification of users along with least-privilege access, it adheres to principles of zero trust security. Using measures such as multi-factor authentication (MFA) supports identity verification for both customers and internal stakeholders such as employees. Furthermore, controlling which parties (e.g., employees at different levels of authority or in different departments) can access what portions of the network also creates safeguards that protect against internal and external malfeasance.
• Security Information & Event Monitoring (SIEM): SIEM provides financial institutions with superior network protection because it uses artificial intelligence (AI) to analyze event log activity across an entire network in real time. When aberrant or suspicious behavior is detected within the financial firm’s network, SIEM tools immediately generate alerts. For example, one of the most frequent attack vectors in the financial services industry is web application attacks, which might go unnoticed by employees until the point at which severe damage is done⁸. But with SIEM’s early detection of aberrant activity, the financial institution is empowered to take control of the incident in progress and initiate response protocols as appropriate to contain the damage.
• Encryption: Another important component of a strong cybersecurity program for financial institutions is encryption. Customer data should be encrypted when it is stored, transmitted, or received, as this helps to protect data from unauthorized access.
• Security Awareness Training: Employee error is an ever-present concern across all industries, making regular security awareness training a must-have. Threat actors use constantly evolving tricks and tactics to gain unauthorized access to financial institution networks and customer accounts. Employees who participate in security awareness training learn about subjects like safe device and password practices, how to spot phishing and other social engineering attacks, and how to report potential threats for investigation.
• Incident Response Planning: In today’s world, businesses recognize that it’s not a matter of “if” a cyber incident occurs; it’s a matter of when. And when it happens, a ready-to-implement plan will be of the utmost importance. The plan needs to lay out the steps to take and in what order, such as powering down equipment, preserving evidence, and calling the authorities. There should be a clear plan for notifying any parties affected by the incident, including customers. The plan should also include provisions for notifying credit bureaus and customers if sensitive information like social security numbers is breached. Importantly, the most important security feature, endorsed by 56% of financial services customers as “extremely valuable,” was notification regarding social security number breach⁹.
• Compliance Assessment: Financial institutions may be subject to any number of security regulations, such as FINRA, SEC, or GDPR, to name a few. A security compliance assessment helps financial organizations to identify where they are out of compliance with applicable standards. With this understanding, recommendations can be made regarding cybersecurity policies, practices, and solutions to implement to cement compliance with applicable standards.

Selecting a managed service provider (MSP) is by no means an easy task, and it’s important to do your homework thoroughly before making the plunge into this new relationship. Factors like pricing and service level agreements may be obvious points to ask a potential MSP about, but nontechnical professionals often wonder if there are other important questions they’re overlooking as they choose an MSP. And, there may very well be!

We’ve compiled this list of 10 questions to help you dig a little deeper as you evaluate MSPs:

1. What is the managed service provider’s full service portfolio?

Although your business might just be shopping around for managed IT services at the moment, it is still a good idea to ask about the range of services an MSP offers. For example, do they offer cybersecurity? Cloud services? Data backup and recovery? IT procurement services? It is likely that your IT needs will change as your business evolves over time, and having a “one-stop-shop” for IT equipment and services is a major convenience that can be cost-saving as well.

2. Does the managed service provider offer customized plans?

Established service packages that are fashioned around common groupings of business IT needs are a great convenience, to be sure. But it is still important for MSPs to offer customized plans because pre-packaged plans may not fit every business’ specific IT needs. Customization options empower you to work with the MSP to create a service plan that is tailored to your business’ needs and preferences. This includes identifying the areas of your business that require the most support, determining the level of service you require, and ensuring that the services offered align with your business’ larger objectives. Importantly, a customized plan can also help your business to avoid paying for unneeded services, helping you to get the best value for your investment.

3. Does the managed service provider offer dedicated engineers?

Dedicated engineers provide a wealth of benefits, but not every MSP offers this option. So, make sure to ask about this specifically. By working closely with your business, dedicated engineers develop a deep understanding of your business operations, IT infrastructure, and goals. This allows the engineer to provide personalized recommendations and solutions that are tailored to your company’s specific needs. This familiarity also enhances communication and fosters a consistent and collaborative relationship between the engineer and your business.

4. Does the managed service provider offer both onsite and remote support?

Onsite and remote support have their own advantages and limitations, and many businesses require a flexible approach to IT support to meet their unique needs. Onsite support involves sending an engineer to the client’s location to provide hands-on support, while remote support involves providing assistance via phone, email, or remote desktop software. When you work with an MSP that offers both onsite and remote support, you have the flexibility to choose the type of support that best suits your needs. For example, if there is a hardware issue that requires physical access to the device, onsite support may be required. However, if the issue is software-related, remote support may be sufficient.

5. Do they offer a 24-hour help desk?

Help desk services play a crucial role in both fully outsourced and co-managed IT services. It is important to verify that the MSP does in fact offer help desk services and that this service is available 24/7/365. You never know when IT issues will rear their pesky heads, so having around-the-clock support is essential.

6. Is their help desk staffed internally or outsourced?

Also, take the time to ask about how they staff their help desk. This service may be outsourced by some MSPs, and in that case, you would have some additional homework to do to learn about the help desk contractor’s credentials, business practices, location, and business reputation. Internally staffed help desk teams are trained and managed according to the standards of the MSP, resulting in a more consistent experience for customers. Internal help desk staff for U.S.-based MSPs are also more likely to themselves be located within the U.S., which is another factor to consider.

7. Are there co-management as well as outsourcing options for managed IT services?

Although fully outsourcing IT management is an ideal option for many businesses, a great number of businesses prefer a co-managed IT arrangement. Co-management options allow your business to have greater control over your IT infrastructure while still receiving the support and expertise of the MSP. Co-management options typically involve the MSP working closely with your in-house IT team to provide support and guidance, while allowing your business to retain control over certain aspects of its IT operations. This can be especially important for businesses that have complex IT infrastructures or that require a high level of customization.

8. Can the managed service provider assist your business with strategic IT planning?

Technology now occupies a central role in business strategy. As IT continues to advance, businesses need to keep up with its evolving capabilities in order to stay competitive. To get the most out of your IT, it is important to partner with an MSP who can provide guidance on strategic uses of technology. An MSP who is prepared to support your business with strategic IT planning will offer a collection of strategic services, such as assessments, technology roadmapping, budget planning, vendor management, and training and support services.

9. Who are the managed service provider’s technology partners?

In addition to learning about the services and solutions the MSP offers, be sure to ask who their technology partners are. It is important that technology partners are well respected in the industry, and it can be especially beneficial if the MSP offers a diverse portfolio of technologies. A diverse range of solutions partners allows the MSP to tailor solutions to meet your business’ specific needs. This ensures that your business receives the most appropriate solutions and services for your business, and can help you optimize your IT infrastructure and operations.

10. What professional certifications do their staff possess?

Another important area to ask an MSP about is professional certifications among their technical staff. Certifications demonstrate that the MSP possesses a high level of expertise and knowledge in specific areas of technology and with specific technology manufacturers (e.g., Microsoft, Cisco). Certifications reflect an MSP’s ability to meet certain quality standards, such as best practices, security protocols, and compliance regulations. Certifications often require MSPs to keep pace with industry trends and best practices. This can help MSPs stay ahead of the curve and provide your business with the most innovative and effective solutions and services.

According to the Merriam-Webster Dictionary, “revolution” is defined as “a sudden, radical, or complete change,” or “a fundamental change in the way of thinking about” or using something, which can include widespread changes in usage of and preferences for technologies¹. Cloud computing—including hybrid and multi-cloud models—represents a major change in the way businesses think about their IT infrastructure, as well as how they harness it to get the job done. It is unquestionably a revolution!

Still, you might wonder whether joining this revolution is the right move for your business. And if so, you’re in plentiful company. Although most small and medium-sized businesses (SMBs) have dipped their toe in the water of the cloud computing revolution, using software-as-a-service (SaaS) applications here and there, a full 63% of small and medium-sized businesses (SMBs) still rely heavily on on-premises servers for their computing needs².

Why adopt hybrid or multi-cloud computing? Here are six compelling reasons:

1.  Accessibility

One of the most revolutionary aspects of cloud computing is that it enables organizations to access their IT resources from anywhere with an internet connection. This means that employees can work remotely or from different locations without the need for a physical office or traditional network infrastructure. For many employees, the days of commuting to the office every day in rush hour traffic are over—talk about a revolution!

2.  Continuity & Disaster-Proofing

Cloud computing can also improve availability because cloud providers typically have redundant systems in place to ensure that services are always available. You can also integrate data backup and recovery solutions that ensure that your data are regularly backed up and retrievable in the event of disaster. Maintaining infrastructure redundancy and off-network backups in a traditional on-premises IT environment is much more costly and time-consuming in comparison.

3. Easy Scalability

Cloud computing allows businesses to quickly and easily scale their IT resources up or down based on their needs. This makes it simple and convenient for companies to adjust their computing resources to match their workload. With on-premises IT, businesses have to purchase, install, and manage additional hardware when their resource demands increase. This can be challenging to accomplish quickly, which is why more and more businesses are taking advantage of cloud computing for workloads that are prone to rapid usage changes, such as order processing systems.

4. Cost Savings

Cloud computing can be more cost-effective than traditional on-premises infrastructure because it eliminates the need for businesses to purchase and maintain their own hardware. With on-premises hardware, companies need to pay additional costs associated with IT support staffing, repairs, and energy consumption. When you contract with a cloud provider, they handle all of the housing, upkeep, repairs, and other overhead. Your business pays a fee for this service, but cloud providers can take advantage of economies of scale, passing along lower costs to customers. Overall, migrating to the cloud can reduce your total cost of ownership by 30-40%³.

5. Hybrid Cloud Flexibility 

While the above benefits can be experienced with cloud computing more broadly, there are unique benefits to hybrid and multi-cloud models. Hybrid cloud computing allows your business to choose which workloads to keep on-premises and which to migrate to the cloud. This flexibility allows you to design a unique infrastructure around your business’ specific needs. Say, for example, you have a legacy ERP that needs to be hosted onsite, but you’d like to host customer service and ordering software in the cloud. You can do that! With a hybrid cloud model, you get the best of both worlds.

6. Multi-Cloud Flexibility

With a multi-cloud model (and yes, you can set up a hybrid, multi-cloud infrastructure), you have the flexibility to use public cloud services from multiple providers, which means that you don’t get “locked in” with a single public cloud provider. Your business can use marketing software hosted by one cloud provider, but use a CRM hosted by another provider. The big perk here is that you can choose which cloud-hosted software solutions are the best fit for your business, without being limited to one single public cloud provider.

The hybrid and multi-cloud approach has gained popularity in recent years as organizations look for ways to optimize their IT infrastructure and take advantage of the benefits offered by different cloud providers. When you compare cloud computing with the traditional onsite computing models of yesteryear, it’s clear that hybrid and multi-cloud computing are truly revolutionary!

We’ve all been there at least once. You’ve developed a nice stable relationship with your technology—say, your computer, or your cell phone, or your laptop. And then someone comes along and says, “Oh wow, you’ve got to update that thing!”

And you blanch. You’re aware of your device’s weaknesses, sure, and you know there are newer models on the market that might seem snazzier or more sophisticated. But you know your device so well and don’t see any reason to update if it’s still working for you. It may be old and slowing down somewhat, but what’s the worst that could happen?

The truth is that “the worst that could happen” can be pretty extreme, so we’ve compiled this list to clarify the true risks to your business of using outdated technology. Read on…

Cyberattacks

We put this one at the top of the list because it’s one of the worst things that can happen to a business that continues using outdated IT. Both software and hardware eventually reach the point at which they are no longer supported by the manufacturer, meaning they no longer issue security updates and patches. Unpatched vulnerabilities can open the door to ransomware attacks, data breaches, data loss or destruction, and other security issues that can affect everyone from employees to partners to customers. The remediation costs alone (e.g., restoring systems, replacing lost data) average $139,000 for small and medium-sized businesses (SMBs)¹. On top of that, many companies face lawsuits from employees when sensitive data is leaked, as well as lost business due to a damaged reputation.

Decreased Productivity

It is often the case that computers slow down little by little, which can make their gradually slowing speeds seem normal. But when compared with the faster speeds of new technology, the slowness of outdated IT can be striking. And it’s more than just an annoyance. Think about every time you open or move a file, initiate an action in an application, or search for information in your network or on the internet. If each of these actions results in a delay while your IT chugs along at a snail’s pace, it can add up to a lot of lost productivity over the course of the workday.

Increased Downtime

Aging technology is more prone to breakdowns and failures, which increases your business’ risk of downtime. For example, when an employee’s old computer crashes and refuses to reboot, this can create downtime for that employee until they obtain another working device. Now, imagine that it wasn’t a computer that crashed but an entire server. That is going to create downtime that affects a large number of employees and could even impact sales and service to customers. For the majority of SMBs, downtime costs $10,000 to $50,000 per hour².

Compatibility Issues

 Software is constantly evolving, resulting in ever-increasing system requirements. Outdated computers and servers may not be able to keep up with newer software or hardware, leading to difficulties in integrating new technologies. This places you at a disadvantage, as it limits your business’s ability to adopt new technologies and processes that your competitors may already be using.

Higher Costs

This last point is a bit ironic, because many of us have avoided updating our old IT to be frugal. But using outdated technology can actually end up raising your costs. When technology ages, it needs more maintenance and repairs to keep running. Another consideration is that older IT is often less energy-efficient than more recent models, leading to higher electricity bills and increased operating costs.

Overall, the worst that could happen if your business uses outdated IT is that you risk falling behind your competitors, losing productivity, facing security breaches, and incurring higher costs. To avoid these risks, it is important to invest in up-to-date IT infrastructure and regularly update your software and hardware.