As a managed service provider, one of your main responsibilities is protecting clients from security threats. Cyber-security breaches are a way of life in the IT world and tend to have some devastating repercussions. Victims may take a hit in the reputation department, lose profits, and depending on the severity of the breach, end up out of business. Unfortunately, MSPs are often tasked with not only shielding clients from the array of threats, but protecting clients from themselves as well.
You can implement the best security policies and technologies available, but once clients get involved, all bets are off. Here are some of the most common ways clients put themselves at risk.
1. Unleashing Malware
Malicious software or malware, takes many forms. It can be a virus, piece of spyware, or Trojan, and cause damage that ranges from deleting critical system files to spying on activities to installing even more harmful programs on the victimized computer. An uneducated user can introduce one of these malicious critters by opening an email attachment or downloading free software online. While contracting malware is easier than catching a pass from Peyton Manning, getting rid of it can be difficult and costly the deeper and further it spreads.
2. Shopping on Insecure Websites
Now that the holiday season is upon us, employees may be tempted to get some last minute shopping done from the company computer. Online shopping is rather common these days, but it’s also very dangerous. What many people don’t realize is that as is, any data sent over the internet is delivered in insecure fashion. That means personal information, credit card numbers, and more can easily be intercepted by cyber-criminals using the simplest of tools. Shopping on an insecure website might expose the user to fraud, or full-blown identity theft.
3. Being Careless with Passwords
As fate would have it, we lose brain cells everyday – some of us more than others. This is a great excuse to back up why you find passwords so darn hard to remember. To keep up with them, employees have been known to scribble down passwords on sticky notes or any loose paper they can find at the desk. This isn’t necessarily a crime in the home office, but in the traditional office environment where individual work spaces are often easily accessible, it can be risky business. Whether it’s improper storage or simply choosing something that is easily guessed, password carelessness leaves corporate systems extremely vulnerable.
4. Ignoring Company Policies
Many organizations implement policies that are designed to govern how employees use the company system. Maybe they want to make sure workers are not using the computer to download music or goof off on Facebook. Company policies are put in place for a reason and when violated, users can inflict a world of damage. Someone who keeps finding their way to social networks could cost the company countless hours in productivity, which has a direct impact on revenue. An employee might not only infect the computer they’re using, but compromise all other systems in the network when downloading what they believed to be a harmless album or app.
5. Lack of Knowledge
By now, it should be clear to see that the weakest link in an organization’s security fence isn’t a computer system, but the people that comprise it. Cyber-criminals realize this, so they target their attacks accordingly. They use social engineering tactics like spear-phishing to convince unknowing users to willingly hand over access to corporate resources. They bundle malware into desirable software, counting on the uneducated employee downloading it, triggering the malicious code, and unleashing havoc on the whole network. The lack of user knowledge is often compounded in organizations where management feels education is either too costly or unproductive to bother with.
Lending Your Expertise
Managed service providers would be wise to add another job to their extensive list of responsibilities – educating clients on IT security. After all, their mishaps on the computer could result in your systems being compromised, and that’s just not cool. Here are five pointers that will help keep both sides shielded from cyber-security threats.
1. Provide educational resources. Sitting down with each customer just may not be possible. Instead, give your entire client base immediate access to a blog, knowledgebase, or newsletter that schools them on the best practices of IT security.
2. Drive home your security requirements. More than likely, you have already outlined a plan to keep your IT infrastructure safeguarded. Make sure clients know what that outline entails and what they need to do to play their part.
3. Make security recommendations. Let customers know how effective certain security practices have personally been for your company. Maybe you can steer them in the direction of solutions that save them money. They’ll love you for that!
4. Pass along relevant info. Recently heard that an organization in your client’s industry was the victim of a data breach? Share that information so they can sure up their defenses and be on alert.
5. Keep it real. Should your company be the victim of a security breach, inform your clients and let them know what you’re doing to resolve it. Additionally, tell them what they should or shouldn’t be doing to ensure that things don’t spiral from bad to worse.
With their extensive knowledge in the IT arena, managed service providers are arguably the best security resources for their clients to learn from. Sharing that wisdom could lead to stronger relationships with customers, who are now more trusting and loyal because of it.
Photo Source: Flickr