1/ Practice the fundamentals
Good cyberhygiene is the essential foundation for effective security. Make sure you are doing the following:
Patching is security 101. Once a vulnerability is discovered, it doesn’t take long for cybercriminals to create an exploit. Keep your machines and software up-to-date with the latest critical patches, just as you would for your customers.
If you lose your own data or access to your own systems, you can’t adequately support customers when they need it. The last thing you want is a customer facing a major technical issue who can’t get support because you’re dealing with a ransomware attack internally. Make sure to back up your own data with a good, cloud-based backup solution to help ensure everything will be there when you need it.
Attackers are increasingly engaged in living-off-the-land attacks, or attacks that use internal system components or processes to cause damage. Traditional antivirus wouldn’t catch these attacks because AV typically focuses on malicious files, not legitimate system processes. An AI-driven endpoint protection solution can better help you handle these attacks.
A significant number of cyberattacks are delivered via email. It’s a cheap, easy way to target victims, and all it takes is one tired employee clicking a bad link to infect your business or give away important user credentials. Make sure to bolster the native security in your email system with an additional solution designed to deal with spam and other email threats.
2/ Hold frequent security trainings
Hopefully, you already offer some security training for your customers. It’s even more important to hold security trainings for your own team. They should be aware of best practices for security, even if they don’t work primarily on security.
Don’t stop at a single security training session—consider holding more frequent, less time-in-tensive refresher courses. You could hold lunch and learns, set up 30-minute monthly recurring meetings, or even send emails with quick tips to the team. Encourage employees to send interesting or important articles on security best practices to the rest of the team. This provides the additional benefit of offering job training in security to more junior staff members.
3/ Practice proper password management
Managing user credentials across multiple customer environments can quickly become a sizeable undertaking. You must be able to grant or revoke access, expire passwords periodically, and demonstrate due diligence to auditors. These can easily become complex, time-consuming tasks.
Make sure to remind users of the importance of creating unique, strong passwords for their accounts. A good password management solution can help your team generate strong passwords and access customer systems and accounts without needing a word-class memory. Also, make sure to periodically force users to change passwords to avoid credentials getting stale.
Protecting your MSP
At the end of the day, your MSP’s security is linked with that of your customers. If you get breached, they’re likely to follow. This can have serious impacts on your business, and could potentially cause you to shutter your doors. So make sure to spend as much time and energy on your own security as you do on your clients’.
For more advice, download our ebook, Building a Security Practice Within Your MSP.
Strong password practices are essential for keeping your MSP business and customers secure. SolarWinds® Passportal is a cloud-based password management solution built to help MSPs create and securely store passwords for their entire customer base. It allows you to generate strong passwords, grant or revoke access to accounts quickly, and automate password changes for your team. Learn more by visiting passportalmsp.com today.