It’s no surprise that security was the No. 1 SMB concern among respondents surveyed for the recent CompTIA study, Enabling SMBs with Technology. As the report states, “Security is quickly becoming a top priority for all businesses as breaches occur more frequently and carry more serious repercussions.”
Comprehensive security management is no longer a nice-to-have. It’s a basic requirement to make sure a company’s systems and data are protected not only from malicious agents, but also from human error, oversight and procrastination. The risks are just too high. Over half of small businesses go out of business within six months of a security breachsince they don’t have the resources of a Global 2000 company to weather the repercussions.
MSPs that offer comprehensive security services as part of their IT management offerings have a great opportunity to increase profitability and position themselves as a high-value partner with SMBs.
Here are 10 key considerations when building a security practice at your MSP:
- Antivirus/anti-malware. A foundation of any security-as-a-service offering is robust antivirus/anti-malware software comprehensively deployed and continually updated. When multiple systems share the same network and storage facilities, the potential for a virus or piece of malware to spread from a single infected system is high. Loose lips may sink ships, but improperly secured endpoints will bring a network to its knees.
- Patch management. Research estimates that, in 2014, there was an average of 19 new threats daily. Automatically downloading and installing patches is an essential cornerstone of a company’s security policies.
- System audits. Security plans need to be based on actual information, and that information needs to come from actively reviewed audits. If the plans are out of date, or are out of sync with what can be seen from audits, then it’s time to re-evaluate how security planning is being handled.
- Security remediation. Even minor endpoint security tweaks, like closing off unnecessary ports or disabling file execution from the appdata folder, can take an excessive amount of time when those changes have to be made manually on one system after another–and another and another.
- Access control. If Phil in accounting needs to read only the sales pipeline reports within the sales department, then he needs only read access to those specific files, not full access to all sales information. The principle of least privilege should be applied liberally to any system of access control present.
- Password management. Users often reuse the same weak passwords, and take too much of IT’s time resetting them when forgotten. Strong-password policies supported by technology automates the expiration and changing of passwords, both on-premise and on the Web, as well as minimizes the risk of password-related security breaches.
- Multi-factor authentication. Strong password policies are a sign that someone has put some thought into this, but, to truly shine, additional protection like multi-factor authentication (MFA) is also recommended. MFA adds identity assurance protection to the servers, desktops and networks. MFA is a requirement for many industries with compliance regulations. In fact, MFA is becoming mainstream for IT security.
- Remote and mobile access. SMBs’ workforces are increasingly mobile and dispersed. Security services need to follow employees wherever and however they set up shop. Secure remote access, centralized compliance policies, securing company data on remote devices–even wiping data remotely for lost or stolen devices–all need to be part of having a secure, mobile workplace.
- Compliance to outside regulations. Services that track all activity, know the health of users’ passwords and provide alerts when systems are at risk of non-compliance make meeting audit and compliance requirements a routine and simple process.
- Scalability. Make sure that the security services and components are scalable, and can quickly and easily grow and adapt as the business develops.
SMBs readily look to outside IT firms when they realize their in-house expertise is insufficient. Providing best-practice-based security services is a great opportunity for MSPs to profitably evolve their relationships with existing clients, as well as to bring in new business.
*Originally posted on MSP Mentor.
Author: Miguel Lopez