Cyberclue One: When the auditor knocks, have strong documentation and proper processes in place
While MSPs cannot be responsible for a business’s complete compliance, you still play a major support role. Historically, most regulations covered specific industries like healthcare, finance, or government. However, the advent of regionally based data privacy laws like the General Data Protection Regulation (GDPR) and its predecessor, the Data Protection Directive (DPD), in Europe, or the California Consumer Privacy Act (CCPA) in California, proves that ever more businesses will fall under some form of regulatory oversight.
While we can’t give specific advice on compliance laws, there are some fundamentals you should know:
- Process: One of the benefits of compliance is that many (although not all) laws or regulations provide specific guidelines around processes. Before you take on a new client, make sure you know the ground rules of any regulations for which they have obligations. Follow any processes mandated by the law, and make sure your team is up to speed on these requirements. Also, be sure to check with legal counsel before taking on any regulated requirements—you don’t want to accidentally stumble into a legal hornet’s nest. Finally, don’t forget to refresh your team’s and your own knowledge periodically—some regulations get updated frequently enough to affect your team.
- Documentation: Beyond following processes, you need to be able to show your work if an auditor does come to make sure your clients are up to scratch. Choose technology tools that can help you document and demonstrate your commitment to these regulations. For example, when looking at security information and event management (SIEM) tools, make sure to choose those with comprehensive reporting that can help you show due diligence.
Cyberclue Two: Patch. AV. Backup. Proactive, daily cyberhygiene is your first defense against foul cyberdeeds
Over the past few years, attacks have increasingly targeted small and medium-sized businesses (SMBs). While large enterprises may have advanced security teams in place, smaller businesses rarely do. And these small businesses still often have valuable data that criminals can either steal and sell or encrypt for a ransom.
However, it’s not just about having advanced security practices—SMBs rarely practice the fundamentals diligently. As an MSP, it’s important to keep these fundamentals in mind—whether it’s a daily practice like checking for patches or it’s a periodic practice like refreshing passwords. Here’s what to do:
- Patch: First off, stay current with updates both on the operating system and on third-party software. Surprisingly, many businesses and individuals don’t follow this advice, which is basically security 101. Even several years later, an estimated 1.7 million endpoints remain vulnerable to WannaCry. Get a good patch management solution to help you automate the process of updating your customers’ hardware and software.
- Antivirus: If you’re using antivirus, then make sure to keep current with signature updates. Out-of-date AV signatures leave you open to the latest threats. However, you may want to switch to a full endpoint protection solution that doesn’t rely on signature-based protection to detect threats. For example, SolarWinds® Endpoint Detection and Response, available in SolarWinds RMM and SolarWinds N-central®, uses artificial intelligence to detect anomalous behaviors on endpoints so you don’t have to keep up with signatures (and can discover and deal with threats undetectable by antivirus).
- Backup: Backups aren’t just for power outages or natural disasters—the prevalence of ransomware shows the importance of having good backups in place for your customers. Choose a backup solution that can automatically back up data to the cloud on a set schedule and that gives you clear visibility into backup statuses. Also, don’t forget to periodically test your backups—the last thing you want is to have to recover a client quickly only to find that one of your backups was corrupted.
Beyond these three, there are plenty of other tips on practicing the fundamentals coming up—from strong passwords to email security. But I’ll leave that to my colleagues with articles coming out soon.
Stay Tuned for More Tips
October is spooky enough already without having to worry about cybercriminals haunting your customers’ endpoints and networks. Stay tuned throughout Cybersecurity Awareness Month for more articles and tips to help you ward away cybercriminals.
As mentioned earlier, running daily backups of your customers’ data plays a central role in helping keep their data safe from cybercriminals. Yet, manually running backups can be quite a chore. SolarWinds® Backup lets you automate much of the backup process so your techs don’t have to spend time babysitting daily backups. Plus, you can view backup statuses at a glance from a single location so you can help ensure your data copies are ready to go in the event of an emergency. Start a free trial of SolarWinds Backup today.