MSPs: How Are You Safeguarding Your Clients’ Data?
In case you haven’t noticed, no one has been immune to data breaches. Some of the largest enterprises in the world have been hit over the past two years, leaving little doubt that any company is not at risk. As a managed service provider (MSP), securing cloud-based file sharing and safeguarding your clients’ data is among the most important aspects of your role.
Apple, Target, Home Depot, eBay, JP Morgan Chase, Anthem, AOL — these are just a few of the companies that have made headlines in the last couple of years as a result of suffering high-profile data breaches. The causes of those breaches ranged from the social engineering of customers to full-scale breaches of company networks. Similarly, the fallout of the breaches ranged from select individuals’ personal information being leaked to the wide-scale exposure of thousands of customer records and personal data.
The one common element, however, is the damage done to the companies’ reputations – with some even facing legal action as a result.
This puts MSPs in a delicate balancing act, between serving their customers with the features and ease-of-use they require, while, at the same time, protecting their data. There are several steps that all MSPs should be taking to meet these demands:
Use Two-Step Verification
One of the easiest ways for malicious hackers to gain access to customer data is through social engineering, or the process of manipulating someone into giving out information that can be used to gain access to their account.
While no system can completely prevent social engineering, two-step verification is a strong deterrent. This is because it requires two separate factors to establish a person’s identity. A common example of this process involves a person logging in with their username and password, followed by the system sending their mobile phone a text message with a PIN that must be entered to continue.
Enforce Strong Passwords
Another common weak point is the strength of users’ passwords. Too many individuals still use common numbers, letters or names as passwords to critical services. “123456,” “12345678,” “abc123,” “querty,” “password,” “000000” and “trustno1” are examples of the kind of simplistic passwords that can be easily guessed or broken.
In contrast, secure passwords involve at least eight characters, have both numbers and letters, contain at least one uppercase letter and, preferably, do not contain any words that can be found in the dictionary. A common practice to achieve this is to substitute a symbol or number for a letter.
Establish Mobile Device Policies for Employees
Bring Your Own Device (BYOD) has become one of the fastest growing trends in recent years. Thanks to the growth of cloud services and a wider adoption of open standards, the actual device and platform are no longer as relevant as they once were. This has led to many companies adopting – or at least tolerating – a BYOD policy.
While such a policy may be good for a company’s bottom line, it can wreak havoc on a company’s security. For an MSP, it is critically important to establish guidelines for employees that will be using their own devices – and that they take those devices home at the end of the day. Requiring passcode or PIN locks, enabling device tracking and ensuring remote wipe capabilities are enabled are important steps to take make sure clients’ data is protected at all times.
Customers choose MSPs for a reason: They lack either the desire or ability to manage the necessary services themselves. As a result, they are depending on an outside force to do it for them.
Too often, however, MSPs make the mistake of viewing their role as purely a technical one, when, in fact, it is just as important to educate customers on the best practices involved in using their services, including security best practices.
While no company can guarantee they won’t suffer a breach, or can completely avoid security issues, following the above steps can go a long way toward minimizing the risks — for both you and your clients.