MSP Security: Lessons from Adobe

Scott Calonico

adobe logoIf you follow the technical press, you’re probably well aware of the security breach at Adobe at the beginning of the month.

As security breaches go, this one was pretty major. Adobe’s CSO, Brad Arkin, announced on October 3rd that hackers had accessed the information of 2.9 million customers. The cyber criminals stole names and customer IDs, as well as encrypted credit card details and passwords.

Although Adobe made the following statement: “we do not believe the attackers removed decrypted credit or debit card numbers from our systems,” they still went on to advise their customers to change their authentication details.

They also offered a “sweetener” to some customers, in the form of one year of free credit monitoring, which must surely lead some cynics to believe that there may be a way of the hackers making use of the card details they gained access to.

Adobe’s recent breach reflects the sad reality that no company is immune to attacks from cyber criminals. Security breaches are more of a “when” than an “if” these days. So, with that in mind, how should your MSP business respond and learn from this recent breach.

1. Communicate with your customers

A high-profile security breach of this nature is the kind of thing you should communicate with your customers about. Doing so proves that you are completely up to date with industry developments. If your customers receive an email, or read a tweet or Facebook update about the issue (from your MSP) before they read it in the press, then you should find them impressed with your service.

In addition, provide advice as to what customers should do if they’re affected by the breach. This needn’t go far beyond what Adobe suggest themselves, but taking a short time to communicate in this way is what separates good MSPs from great MSPs.

2. Make sure you own “house is in order”

Every security breach of this nature should act as a wake up call to MSPs who aren’t doing everything exactly as they should.

Do you still have some lax password policies in effect throughout your client base? Do you, yourself, ignore robber with computerbest-practice guidelines and have the same passwords for various different online services? If so, it’s time to practice what you preach and eliminate these security issues.

Finally, if your MSP business has dealings with Adobe (such as a Creative Cloud subscription), make sure you follow the company’s guidelines.

3. Make use of the sales opportunity

Yes, it may seem cynical to say it, but every widely publicized security breach creates a sales opportunity for all kinds of products and services related to IT security.

So don’t let it go to waste. Whether it’s a couple of hours of consultancy to work on password policies, a package of managed security services, or the sale of a full penetration test, don’t be scared to use the breach as an example of why your customers can’t afford not to mitigate against the actions of modern cyber criminals.