The five biggest MSP security threats
Security breaches are bad news for MSPs. They can make customers doubt your level of competence, sometimes through no fault of your own.
It’s therefore of paramount importance to ensure you do all that you can to mitigate the risks. In this article we list five significant MSP security threats, and provide some basic advice to help you minimize the chance of each one causing you a problem.
1. External Devices
It’s a shame that USB keys and external hard drives are so useful, as they are extremely easy to mislay, resulting in an instant security breach.
How to mitigate the risk: Use encryption on all USB devices used during projects. Don’t carry around devices containing customer data. Ensure customers are well educated on the risks associated with such devices.
2. Phishing / Social Engineering
If you’ve been working in IT for any length of time, you will have seen fake PayPal and bank login pages, “scareware” Internet security products and other ways criminals use to separate unsuspecting individuals from their passwords and credit card details.
The risks aren’t limited to those found on the Internet. Plenty of scammers use the phone to attempt to gain login details or remote access to PCs.
How to mitigate the risk: Train users to be highly suspicious. Use examples of phishing sites and emails to show just how convincing some social engineering techniques can be.
3. Disgruntled Staff
Staff who’ve left “under a cloud” can create a major security risk. It may be rather foolish, but it’s not unheard of for vengeful employees to make use of their passwords to do some damage after their departure.
How to mitigate the risk: Ensure you have a clear procedure for when staff leave your business. This means changing passwords and disabling accounts promptly. It’s also important to ensure that employment contracts include clauses that protect you from the actions of disgruntled staff and ensure some legal recourse.
4. Unpatched Websites
Security breaches don’t always concern internal systems. Anyone who has hosted a few websites for more than a couple of years has probably experienced one or more hacking attempts.
How to mitigate the risk: Use a reliable backup system for all websites under your control (include those built for clients). Ensure content management systems (such as Joomla and Wordpress), and their plugins and extensions, are regularly updated to the latest versions. Follow the advice of your Web host on all issues concerning security.
5. Poor Password Management
However much the IT industry advances, passwords are still the final line of defense for most systems. There’s therefore no excuse to take a lackadaisical attitude towards them.
How to mitigate the risk: Always follow “best practice” guidelines for password management. Don’t let convenience take a higher priority than security. Demonstrate to clients how easy it is to crack a simple password so that they take their own password responsibilities seriously.