It Starts at Home
Now that October has been designated National Cybersecurity Awareness Month (CSAM) by the National Cyber Security Alliance and the United States Department of Homeland Security, we are seeing promotional material from a variety of public-facing businesses. Everyone from our banks to our credit cards to the grocery store are promoting it on their various platforms. Which is great…but shouldn’t every day be a day that we’re aware of cybersecurity? This should be true especially if you’re in any way associated with the technology sector.
When you’re an MSP, you live and breathe technology. At least from 9-5, right? That’s said in a sarcastic sense – it’s more likely that you are thinking about it 24/7. But are you thinking about it for you, or just for your clients?
Like your clients, there is not a one size fits all solution for MSPs to address security within their own business. Consider treating your own business like you would one of your clients. Run through the entire process that you would when you meet with someone and do a security risk assessment within your own four walls. This will provide you with at a minimum, two sets of feedback. First, you’ll be able to see how your own process works and evaluate and expose not only the security gaps that may be there but also the procedure gaps that may be within your process with clients.
MSPs Are a Target
When you know of the potential risk to your clients, you warn them about it. And last year a security alert was issued from the Secret Service warning of an increase in attacks on MSPs. Cybercriminals are increasingly aware that targeting YOU is a much faster and easier way to get a bigger payout than going directly after your end clients. Your network houses a plethora of information that can give them entry to your own network as well as access to all of your customer’s networks. Can you say “Jackpot”? You need to ensure that you are utilizing the latest and most updated security standards for yourself as well as each of the companies that you support and protect. At the very least, taking a moment to review the following items on a regular basis within your own environment will be helpful:
- Are your remote admin tools up to date?
- Are access levels updated, and correct? In other words, who has access to what, and do they actually need it?
- Are logins shared?
- Have any employees left and has their access been terminated or redirected to the person who currently fills that role?
- Have local, state, or federal compliance mandates changed?
- Are all of your staff members continuously being trained on the latest security threats? It might be second nature for your techs, but what about your bookkeeper?
Treat your business like you treat your clients. Put safety and security at the forefront of your own business. This is not only serving your needs, but also putting an additional layer of protection on your clients as well, and something that you can assure them of when you sell your own services. Likewise, this not only allows you to keep your business safe, but it is another way of showing your clients that you too take the approach that you are recommending to them. In addition, it gives you a perspective of what they are going through as they use the products you deploy at their site.
Don’t be the cobbler whose children have holes in their shoes and remember that security starts at home, and in this case, your business home!