Ensuring Small-Business Data Security: A Valuable MSP Opportunity

Written by MAXfocus Guest Blog
October 29, 2014

Earlier this year, security vendor CSID carried out a survey that revealed worrying details as to how little effort some smaller businesses put into securing their customers’ confidential data. Only 43 percent of the small businesses surveyed said that they were happy with the security measures they have in place. Furthermore, only 12 percent reported having a plan in place for how they would deal with a security breach. Despite this, 80 percent store customer email addresses and telephone numbers on internal systems, and 70 percent store the home addresses of staff and customers.

As should be clear from the frightening figures above, there is undoubtedly an opportunity here for MSPs. With less than half of small businesses confident of their own data security, it’s almost as if they are waiting for someone to come along and help them. While these smaller businesses are probably concerned about how much additional security measures will cost them, they are sure to be equally concerned about the reputational and financial implications of a data breach.

Here are five ways in which you can offer to help:

1. Assist with strategy

It’s usually possible to boost the security of an infrastructure by changing internal processes and practices.

For example, you can probably think of one or two customers who use simple passwords for authentication, or share each other’s passwords “to keep things simple.” If customers store customer data, they are not too small to need to take security seriously, regardless of how few employees they have and how much they feel they trust them.

2. Use technology to “lock down” authentication

Continuing the above example, once you have persuaded your customer of the need for frequently changed, complex passwords, use tools such as Windows Group Policy to enforce the security.

3. Suggest penetration testing

Once you have a customer determined to do all it can to enforce system security, a professional penetration test is a good idea. Just make sure your customer is aware that acting on the findings of the report will cost money. For example, its consumer-level router/firewall will probably need to go, and be replaced with something rather more “enterprise-grade.”

4. Think about encryption

If company laptops are sent out unencrypted but containing company data, they are an open invitation for a security breach. Even with strong password protection, all a thief needs do is remove the hard drive to get full access to data. Choose an encryption solution you trust, be it a third-party product or something built into the operating system, and encourage customers to use it routinely. The same goes for mobile devices and external storage.

5. Put a plan in place

Businesses need a “damage limitation” plan in case the worst happens and a security breach does occur. As the MSP, you should suggest assisting with putting this in place.

The recommendations listed above are just the start, and can easily be bundled together as a data security package for your customers. Sometimes there’s no harm in frightening customers a little by telling them about risks they’re exposed to—especially if you have ready a (chargeable) way to reduce them!

Guest blogs such as this one are published monthly and are part of The VAR Guy's annual platinum sponsorship.