Continuous learning is part of the Integris company culture

Integris is a large Managed Services Provider (MSP) with offices throughout the East Coast, Midwest and South. Integris successfully works with over 1,800 clients across multiple highly-regulated industries in a dozen states. The organization began in the legal sector, providing IT for law offices that needed high-end IT consultation and productivity tools. Following significant growth through organic sales and acquisition, Integris added manufacturers, healthcare clients, and government contractors to their management portfolio, where they help with advanced regulatory compliance services. A 2022 merger with CalTech, a 200-person MSP dedicated solely to serving community banks and credit unions.

Integris built a dedicated security-focused engineering team within its base of 650 employees. “We're very proud of the virtual chief information security officer practice we are developing here at Integris. We feel that it is a game-changer among our industry peers because it allows us to be both an MSP and an MSSP [Managed Security Service Provider]. Clients can come on board with us for just MSP services, but if they have significant cybersecurity issues, or if they're bound by regulatory review, we provide them with additional strategic cybersecurity services,” says Integris CEO Rashaad Bajwa.

Integris has a team of several CISSP-certified vCISOs working with clients nationwide. They conduct thorough cybersecurity assessments, provide monthly cybersecurity monitoring, set strategy and budget around cybersecurity, run reports for regulators, and create each client’s overall cybersecurity infrastructure plan. Bajwa explains, “This [service] provides tremendous value for our clients because we can provide advanced cybersecurity consulting services at a scale they can afford. We believe this is the future of MSP consulting because clients need more advanced help than ever before. We're proud to be at the forefront of this change.”

Cyber threats never slow down, and the number and severity of cybersecurity attacks against businesses continue to increase. What used to be a problem for the largest companies has become urgent for Main Street. “Hackers are starting to realize that smaller companies are less protected and make easy and lucrative targets. That's why security awareness training is critically important, no matter your company size. The good news is that wonderful companies like Infosec make it easy for MSPs like us to offer scalable, affordable plans for our clients. At the prices we’re able to offer security awareness training, there's really no excuse for a company to skip it. The programs are easy to administer, the tests are easy to take, and the results speak for themselves. If you can harness your employees to help your cybersecurity effort, why wouldn't you? They are the best eyes and ears you have,” says Bajwa.

All employees at Integris are very open to training opportunities, and continuous learning is a central part of the company’s culture. “We use all the same security training products we sell to our clients. After all, why wouldn't we walk our talk? It's been a tremendous benefit to us, and we wouldn't consider running without it. We run the Infosec security awareness training program for our team, which has been very effective. We have the Phish notify function that we've incorporated into our Microsoft Outlook program, which continues to yield great results. Nearly all our training is done online, so we have good record-keeping and tracking of scores. It’s a key metric for our cybersecurity efforts,” Bajwa shares.

It's not unusual for an employee to message Bajwa asking if the latest phishing attempt is a test or if it's real. Sometimes it's difficult to tell because the simulations are so realistic. “It's opened the eyes of people in our organization to the depth, breadth, and creativity of today's modern-day hacks. I believe that makes us more careful as employees with our company data and more aware when dealing with our clients’ systems. It's a win-win for everybody involved,” says Bajwa.

Since implementing security practices in their clients’ programs, the biggest change Integris has seen is in their clients’ willingness to invest. Previously, clients would decline security awareness training because they believed only the largest companies needed advanced cybersecurity systems. Integris doesn’t hear that argument much anymore, as ransomware is now one of the largest worldwide revenue generators, exceeding the gross domestic product of many well-established Western nations. Its impact on world economies and the danger it poses to every company of every size is tremendous.  

Because of these increasing threats, getting clients to buy into a security awareness training program is much easier. They're also more likely to purchase advanced tools like endpoint detection or content filtering. Remote work has also been a major driver of change. Companies can no longer operate in a closed, completely secure environment, so they have to take more measures to secure their mobile/remote endpoints. 

Bajwa says, “We're very fortunate at Integris to have a deep bench of cybersecurity talent. That means everything we sell, we're able to enjoy ourselves. We continuously review all the vendors and software products we add to our internal systems. Patching is a new religion for us. And we're continuously monitoring our systems, looking for patterns in incursion attempts and the reports generated from our cybersecurity monitoring tools. We receive regular reports from our employees through our PhishNotify system, and we require all our employees to take their regular cybersecurity training courses — even our most senior cybersecurity staff. “

When asked about a critical piece of advice that Integris instills in their security practices, Bajwa says, ”Listen to your instincts. If something seems off or too good to be true, there's a good chance it's a phishing attempt. If you have any doubts, ask before you click that link.” He continues, “We have a concept here at Integris called Responsible IT Architecture, and we consider security awareness training an important part of it. We strongly encourage every client to purchase security awareness training—even the smallest companies. We suggest it because it's easy to implement and it's scalable. There's no denying companies of every size are affected by hack attempts. Security training is one important piece of the armor you need to protect yourself.”

Integris is a Channel Partner of the Year finalist in the 2022 Infosec Excellence Client Awards. The Channel Partner of the Year Awards recognize partners that are integral to Infosec’s Channel Program. This award celebrates the successes of Infosec’s top-performing partners and promising new partnerships. The recipients are partners who deliver consistent growth and go above and beyond to deliver value to their clients. These partners also strive to enable their sales leaders to be well-positioned to promote Infosec products.