If I Were Launching an MSP Now: ITech Solutions’ Brian Weiss Implores MSPs to be Sticklers for Security
We sat down with ITech Solutions CEO Brian Weiss this week to find out what he would do if he were just starting an MSP. There are many aspects to starting a successful MSP, he says, but above all, you must be a stickler for security.
“I wouldn’t just launch an MSP, I would launch an MSSP with security at the forefront of my service offering,” says Weiss.
Security is indeed one of the most important aspects of any business, but it’s too often overlooked or glossed over. The consequences can be devastating for companies, so it’s no wonder Weiss puts security right at the center of his focus. And why he thinks you should too.
Here are Weiss’ three top reasons why budding MSPs need to add additional security services.
1. Use an encrypted password manager.
Without an encrypted password management program, most, if not all of your clients’ saved passwords (including browser passwords) are not stored in an encrypted manner. With one simple scan, someone can look up all the passwords that have been saved to their computer, compromising every system they have accessed. Additionally, if internal staff are able to view end-user and administrative passwords, that is a security compromise in itself.
“It is best to require that all your clients use an encrypted password manager with single sign-on and multifactor authentication (MFA) solutions to prevent passwords from being compromised,” says Weiss. “ITech Solutions is working with Passportal, OverwatchID and Duo to implement a password-management system that is encrypted, secure, supports automated password resets and provides identity-access management so that no one has to even know their own passwords.”
2. Knowledge is power.
Another weak link is the end user themselves. As much as we’d like to put faith in our employees, unfortunately, there are some among us who are susceptible to phishing scams. The good news is, this is mostly preventable.
The key is education and training. And then, more education and more training.
“If your client’s employees are not regularly trained in best security practices, they will ultimately be the source of a security breach,” warns Weiss.
3. Call for backup.
The worst-case scenario in any type of breach is loss of data. It’ss imperative that you have security and redundancy in place to protect clients against any security breach that could cause encryption, deletion or corruption of their data.
Cloud backups with file revision history are imperative, and any roaming device storing data should be automatically backed up to the cloud. Encryption of data on all roaming devices will prevent a data breach should a device become lost or stolen. SaaS backup services are needed to ensure no data loss with cloud services such as Office365, GSuite, Salesforce and more.
Brian Weiss started working with computers as early as 1996 while still in high school. After graduating he worked for a small mom-and-pop computer shop while attending college focusing on computer and network services. A few years later, he left college to start his own IT company, initially working as an independent contractor before starting ITech Solutions in 2005. Itech Solutions started out as a break/fix IT company and has grown to a full-fledged managed IT service provider managing over 2000 devices primarily servicing San Luis Obispo and Santa Barbara Counties in California.