The Rising Importance of Data Security
By Andrew Hutchison
Andrew Hutchison is Director of Managed Services at BlackPoint IT Services in Kent, WA. His team (co-located in the Northwest and Manila, Philippines) services its SMB client base and provides outsourced support to other MSPs. Andrew is a member of the Datto Partner Advisory Board.
As a Managed Service Provider, you should apply data security comprehensively across your network and toolset, as well as on your clients’ systems. Security should also be validated or periodically assessed, and compliance standards should be maintained.
Assess and secure your network
Start by checking your own network against security best practices. Your assessment should review your physical security (checking who has physical access to which systems) as well as software and configurations like:
- firewall and VPN configuration settings
- the health of your antivirus protection
- the status of patches and software updates
- an inventory of open ports (both internal and external)
- mobile device usage
Beyond that, check your internal security: who has access to which systems, and the permission settings on your data. Then check the dates, inclusions and exclusions of all warranty and service contracts, ensure Disaster Recovery plans are current, and check whether multi-factor authentication (MFA) is enforceable, or validate that MFA is in use.
It’s no longer good enough to install an antivirus and put your apps behind a firewall. Make sure all systems and tools you use to manage client systems or data use MFA. Back up all business-critical systems and make sure you can start those systems in minutes from backup in case of natural disaster, breach, or employee error. Put all of your employees through security awareness training and perform simulated phishing attacks.
Helping clients improve data security
Once you have your own house in order, start down a similar path with your clients.
Security assessments and up-sells
Offer clients a security assessment and detail the changes and additions they need to make to ensure their systems are secure. Offer your existing clients all the new security features of your managed service offering as an up-sell, and make standard offerings required for new clients. Consider adding the following to your offering:
- Supplemental endpoint protection (like Huntress or Sophos Intercept X)
- Dark web scanning (ID Agent)
- End-user Security Awareness training
- Phishing campaigns to test end-user security awareness
- Multi-factor Authentication and single sign-on
- Endpoint data encryption (especially for remote users)
- Supplement standard e-mail security beyond spam and AV to include encryption options
- DR Plan as part of your BCDR service (PlanITDR)
- Back up all business-critical systems, including cloud apps (O365 and GSuite) and systems that may not always be running on a server (like environmental controls, production controls, security systems/access, elevators)
- Back up firewall and network device configurations (Auvik)
- Endpoint DNS filtering (Umbrella)
- Mobile Device Security or MDM (system to remote wipe or lock a mobile device)
Use assessment tools like Network Detective to automate most of your assessment, but manually analyze the data and make your own recommendations to your clients. Also, create a reminder to repeat the assessment every 6 to 12 months.
The rising importance of data security for MSPs
As news headlines continue to be plagued by breaches, malware, and other failures, the need for data security increases—and with it, the opportunity for MSPs to offer more value (and earn more profit) from clients. Data security protocols are constantly changing and keeping up with the times is too challenging for most clients to do on their own. Becoming their trusted advisor on all things data security positions an MSP to succeed today and tomorrow.