« Three Simple Steps to Getting More Leads From Your Vendors | Main | Stop Selling, Start Hiring »

Training and the Cryptolocker Crisis

In the past few days, it seems the Cryptolocker Crisis has again exploded on the scene. On the HTG forum and elsewhere, reports are emerging of a new variant of the ransomware that is unstoppable by many high quality, business-grade security solutions. These new variants of the malware are getting through firewall gateway scans, email security solutions, endpoint/host AV solutions, and even network based and DNS-related security measures.

This raises the obvious question: what the heck are we to do?

Unfortunately, most IT managers and MSP techs love to hunt down the latest widget to buy and to add yet another layer of defense. Alas, layered security today looks a lot more like Swiss cheese, than bullet proof glass. But why are we continuing to buy more and more hardware, software, and services, when in many cases the untrained user is the Achilles heal?

I empathize with every MSP today working to combat these security threats. Cryptolocker variants jeopardize data, impede business operations and productivity, and harm the livelihoods of many. However, we all need to look ourselves in the mirror and ask whether we are doing enough to train employee users.

What is the state of affairs with user training? I don't have any statistics to cite (yet), but it is incredibly poor.

Pick the software category: CRM; sync, share, and collaboration; secure remote access; anti-spam and spam quarantine; there are problems everywhere. In my experience, companies keep loading up on more and more software, cloud applications, and tools, but no one is training the users. In too many cases, base functionality is a mystery to users. What's worse, employee misuse of the software or innocent mistakes may lead to massive data corruption, rework, or data loss.

I am not pointing fingers. Here at eFolder, we have the same problems. We are adrift in a see of cloud applications and tools, and we are not doing enough to train, re-train, onboard, and upskill employees every day. The good news is, we know we have a problem and we are throwing time, resources, and management attention at the problem.

But what about the typical SMB client? They don't know where to go, unless their MSP leads them.

Here is the smoking gun on any MSP income statement: the revenue line from "Revenue - paid training." In most MSPs, the line has a big, fat goose egg next to it. This is a huge shame. Training should be a massive profit center for savvy MSPs, but for too many, training is given away for free as a value-add and done poorly and incompletely as a result. Just as often, software tools are deployed to clients and they go unused, under utilized, or misused, due to inadequate training. We know from first hand experience with eFolder Anchor, partners that train well during deployment succeed, while those who don't, don't.

If we spend money on technology, but don't train the user, productivity stalls and security is imperiled.

In my view, we need nothing short of a revolution in user training. It is crazy that there is all this hand wringing over the shift to the cloud. It doesn't matter where the application lives, if the user is poorly trained they will under utilize the tool and imperil productivity.

The security wizards are fast at work and Cryptolocker 3.0 will no doubt be stopped sometime soon. But defense in depth and layered security requires a well trained employee at the keyboard for security to be effective and complete.

To me, this spells big opportunity for the MSPs and solution providers that can focus on making training and user effectiveness a key part of their value proposition.


PrintView Printer Friendly Version

EmailEmail Article to Friend

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>