SMB Fall Housekeeping: 5 Security Concerns to Discuss with Customers
It’s that time of year again: Summer is wrapped up, vacations are over, and the kids are safely back in school. In the business world, this is a prime opportunity to catch the executive team in the office before the holidays. Successful MSPs often use this time to conduct quarterly business reviews with managed customers. With new machines to install and systems to update, security conversations can easily be overlooked. Here are a few things we should be discussing with our customers as the temperature drops.
1. Rogue endpoints and device security
The summer buying season and lengthy vacation travel may have spurred purchases of new tablets and smart devices. Unfortunately, even flat-rate/managed customers are still reluctant to share information about connected devices unless they have a question about setup. Take time to discuss these newly connected endpoints (even if it’s just via email), and construct a solution to adequately protect these users in the office (guest networks, etc.) and on the road.
2. Payment processing systems and methods
Recent data breaches may have “helped” customers see the value in stepping up security, especially when handling customer payment data and/or personally identifiable information. Several of the recent incidents could have been avoided if end users had been properly securing this data. Amazingly, credit card data is still vulnerable on the desktop in .txt files and unprotected data stores. Make sure that core security solutions are up to speed, and carve out some time to educate users on the reasons why it’s important.
3. Cloud collaboration and file sync
Similar to adding devices, the travel season brings about the need to be able to work from anywhere (in my case, the beach). Rogue solutions may be deployed by a team, by individual users, or both. Because these solutions are available for free, users may have opted to set up their own outside of corporate policy. Ideally, these tools should be replaced with a managed solution and controlled by an admin. At minimum, IT should be aware of these solutions and educate end clients on their risks.
4. Compliance policy changes
Payment Card Industry, breach notification laws, HIPAA—the compliance engine has been busy in the past year. Schedule a meeting with the executive team to discuss changes and how they affect the business. PCI DSS 3.0, for example, introduces an increased need for quarterly assessments, and the Dec. 31 deadline is quickly approaching. Businesses failing to meet the challenge risk hefty fines and public embarrassment in the event of a security breach.
5. Get connected with end users
What do these guys really need? Is it time for a team meeting? Absolutely! Once you have reviewed everything with the boss, ask for a few minutes with the team. Find out what solutions are in place, why they prefer them, and what they would like to see implemented in the future. Shadow IT often occurs because users are not comfortable enough or connected enough with IT to ask questions.
Getting complete answers from customers can be tough. Contact Nuvotera for more tips and tricks. If you missed our September webinar, please click the link to become truly data-aware: How to Discover, Detect, & Remediate Unprotected Data.
Eric Pinto is product manager at Nuvotera. Guest blogs such as this one are published monthly and are part of Talkin' Cloud's annual platinum sponsorships.