2014 was a busy year for security breaches, and unfortunately, it looks like 2015 is on a quest to top it. This year has already seen Chick-fil-A, Morgan Stanley, and insurance giant Anthem Inc. feel the agonizing sting of breached IT systems. Managed service providers build their very existence on helping clients simplify the complexities of IT and capitalize on the strengths of their business. The most recent rash of breaches suggests that they should be lending a hand with security as well.
For MSPs, the issue of security is doubly challenging. In order to deliver secure managed solutions to the small and medium-sized companies they support, they must keep security at the top of their own priority list. The influx of new systems, devices, and technology has left service providers and their customers vulnerable to an even bigger slew of threats. MSPs need to be proactive in creating data security policies that tackle these threats head on.
1. Educate Staff On Trending Security Threats
A while back, we outlined a few security threats to be on the lookout for this year. We could probably do a piece like this every quarter because new threats are emerging all the time. The only way to stay on top of the ever-widening threat landscape is through continuous education. Employees should have intimate knowledge of malware, malicious emails, phishing scams, lateral attacks that originate from guest access, and other threats as they evolve. Make following security trends as important as watching the trends you monitor for money-making opportunities.
2. Avoid File Sharing Services
Peer-to-peer technology offers a convenient way to “borrow” files and applications. It also opens the gate to a spooky dimension of security concerns. Users of file sharing services instantly make themselves vulnerable to downloading malicious code, mistakenly granting access to confidential information, and of course, the prosecution attached to violating copyright ownership. Instead of just saying no entirely, MSPs can show they’re serious with a data security policy that specifically addresses file sharing services:
- Make sure employees understand the risks associated with using P2P networks and file sharing services in general.
- Block file sharing programs using a firewall or other network perimeter defense systems.
- Monitor the network to make sure you aren’t running any unauthorized file sharing programs.
- Restrict where employees are allowed to save sensitive data – just in case something slips through the cracks.
3. Standardize Official IT Solutions
The technology solutions you do support should be standardized to the best of your ability. A firm running an enterprise-level PSA solution could benefit tremendously from simply standardizing how they go about using the platform internally. For instance, IT managers can establish access rules, responsibilities, and even a portion of disaster recovery planning around using this one app. Standardization can speed up detection and response times while providing a way to measure performance and continually improve the system over time.
4. Plan For Patch Management
On the second Tuesday of each month, Microsoft does this thing called Patch Tuesday. This day is reserved to announce the known flaws that are being fixed to make the company’s operating systems and programs safe and efficient. The May 2015 edition saw updates for a total of 46 vulnerabilities, including those in several desktop versions of Windows as well as Windows Server, SharePoint, and Silverlight, Microsoft’s answer to Adobe’s Flash.
MSPs run an arsenal of software applications, and each platform is a potential point of entry for intruders. Patch management is about patching up the holes in those platforms and maintaining a level of security that keeps the network safe. It’s a tiresome process many companies don’t feel like bothering with, as evidenced by the growing number of security breaches with origins that lead back to patching – or lack thereof. MSPs should develop a comprehensive patch management strategy that is prioritized based on how each application impacts their operation.
5. Keep Clients In the Know
So maybe you don’t necessarily sell managed security. Still, it can only help to become the source your clients turn to for data security policy planning. Find a good publication you can trust for up-to-date info. Regularly monitor the latest trends on LinkedIn and Twitter. If you don’t school your clients on the P’s and Q’s of security, there’s surely a competitor out there who will. And if the client can get their security knowledge from the competition, they may start figuring they can get their IT solutions from them, too.