it’s viewed as an inconvenient extra step for end users, but that’s largely a misconception.
Companies looking to add two-factor authentication to their IT infrastructure have a plethora of options, ranging from freebies from Google and Microsoft (included with Office 365 subscriptions) to premium offerings from Kaseya, Duo, and Okta. Some solutions will even support single sign-on by leveraging a universal directory.
Don’t Forget About Physical Security.
Often overlooked in the battle against cyberthreats is the “brick-and-mortar” component of protecting sensitive data. While the vast majority of breaches occur solely in the digital domain, physical access to servers, devices, and networks also poses a legitimate threat that shouldn’t be ignored.
Restricting access to facilities, server rooms, and endpoints is another key layer of defense in the battle against data theft and security breaches. MSPs themselves are particularly vulnerable since they touch multiple enterprises from a single location, so utilizing proper procedures at their own offices is just as valuable as imploring clients to do the same.
Change The Dynamic By Changing The Defaults.
Customers are entrusting their mission-critical applications to MSPs with the expectation that the MSPs are doing everything possible to protect their systems and data. These clients will most likely go along with their MSPs’ recommendations, so starting from a position of strength instead of making security best practices optional is a winning position for all parties.
Instead of requiring customers to opt IN to better security mechanisms (such as two-factor), MSPs should instead make their clients opt OUT. Many will not even question if all this security is mandatory and simply go along with what’s in the standard package.
For those customers who will want to remove some of these best practices, it will require a conversation with their MSP to ensure they fully understand what they’re asking for and the inherent risks and dangers of that decision. This might be tricky to implement, as MSPs are often in “sales mode,” where the customer is always right, but this must be non-negotiable if MSPs are to adequately protect their clients and themselves.
It might feel awkward to be so demanding of customers, as MSPs generally want to reduce friction and appear easy to work with. But the risks are simply not worth the reward when you’re talking about opening yourself up to unnecessary weak spots in security.
The other piece of the equation MSPs can influence is education. Ideally, every employee would already be well-versed in all things security, but this is unfortunately not the case. Instead, they need both initial education and continual reminders of how to manage their personal information and credentials.
To create a culture of security, MSPs can offer education platforms such as ID Agent’s BullPhish (which provides ongoing reminders and awareness via articles and videos that speak directly to end users) to get employees up to speed on protecting their company data. Without the proper context, employees tend to ignore security because they’re simply unaware of the breadth and scope of threats to their employers.
Once employees understand the situation, they’re typically eager to participate. When employees are actively involved in security, they shift from risk factors and weak points to a network of sensors on the edges, helping to identify possible holes in a company’s defenses.
Don’t Wait For Something Bad To Happen.
Proactive, preventive measures are the best defense against security threats. MSPs simply cannot afford to wait for an incident and then react after the fact. Not only can it damage reputations and customer relationships, but it can also put an MSP out of business permanently.
Security is no longer optional, which means MSPs must take a hard line with customers and prospects for everyone’s sake. No deal is worth destroying the entire business, and proper security requires the active involvement of every employee, not just the IT department.
VOLUME 1 ISSUE 3 • MSPSUCCESSMAGAZINE.COM | 7