5 Key Lessons to Running an Effective, Security-Minded MSP Business
Posted by Geraldine Hunt on Fri, May 10th, 2019
To avoid being categorized as a commodity, many MSPs are branding themselves as security-first IT providers to differentiate themselves from the pack. While there are still break-fix guys out there servicing SMBs that can’t get past the notion of paying for IT services every month, the MSP model has prevailed, so much so that MSPs now find their markets more competitive as new competitors have entered the field.
SMBs are beginning to realize that their size does not exempt them from cyber threats. In fact, hackers look at them as low-hanging fruit that can easily be exploited. According to research conducted by the National Cyber Security Alliance:
• Almost 50 percent of SMBs globally have experienced a cyber attack
• More than 70 percent of attacks target small businesses (not all are successful)
• As much as 60 percent of hacked small and medium-sized businesses go under after six months.
Business owners, however, know even less about cybersecurity than they do about networking, so they need an outside expert to properly advise them and prepare them for the inevitable threat. But being a security-minded MSP constitutes more than just an added level of consciousness. As with anything, there is a learning curve to running a security-minded organization. For MSPs, nothing can damage brand and reputation more than one or more of your customers falling victim to a ransomware attack or experiencing a data breach. Below are some of the key lessons to running an effective, security-first MSP company.
Implement a Multi-Factor Authentication Solution
According to the 2017 Verizon Data Breach Investigations Report, 81 percent of hacking-related breaches are due to the use of stolen or weak passwords. Passwords are the keys to the kingdom, which is why cybercriminals assiduously pursue them. While passwords alone were ample ten years ago, they are highly vulnerable today due to attackers' use of artificial intelligence and automated dictionary attacks. One of the most effective measures you can take to secure your SMB clients' user accounts is to integrate MFA into their authentication routine. MFA should be enabled for all authentication attempts made off-premise as well as for password reset requests. Of course, it goes without saying that a strict password policy should be employed that enforces complexity and maximum age.
Design a Marketable Security Stack
Every MSP today needs to have a well-conceived security stack for its customers. A security stack should encompass a multi-layer security strategy, because a single firewall perimeter on its own is now completely susceptible to attack. An effective security stack incorporates multiple components such as email security, web filtering, sandboxing and endpoint protection. Other additions can include application whitelisting (AWL) and IPS or behavior network analysis. Once the stack is in place, it is important to review it annually, evaluate your vendor relationships and stay abreast of the new solutions that are constantly coming on the market in order to provide the best possible protection to your clients.
DNS filtering as part of a multi-layer security strategy
While a firewall is essential to provide a secure perimeter for your customers, their greatest vulnerabilities involve internet activities such as web browsing and email. A cloud-based DNS filter can protect users and their enterprise devices both on and off premise, providing 360-degree coverage in a mobile Wi-Fi world. A cloud-based DNS filtering solution requires no hardware or software client applications. This makes deployment really easy. Simply redirect DNS queries for your customer devices to the vendor’s servers and they are protected, requiring no special training on your part. Because it is cloud-based, there are no worries about how it fits into your security stack.
You should choose a solution that allows you to granularly manage web activity using additional filtering methods including URL and SURBL, web categories and keywords. In addition, modern DNS filtering solutions include embedded malware filtering that scans all internet traffic for ransomware, malware and other types of embedded malicious code. This is especially important for protecting against recently compromised websites.
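The deployment step described above (pointing each device's DNS at the filtering vendor's servers) only protects a device if every resolver it is configured with belongs to the filter. The following check is an added example, not part of the original post or any vendor's tooling; the resolver addresses, device names and resolv.conf contents are constructed, using documentation-reserved IP ranges.

```python
import ipaddress

# Hypothetical filter-vendor resolver addresses (documentation ranges, not real servers).
APPROVED_RESOLVERS = {
    ipaddress.ip_address("192.0.2.53"),
    ipaddress.ip_address("192.0.2.54"),
    ipaddress.ip_address("2001:db8::53"),
}

# Constructed sample inventory: device name -> contents of its resolv.conf.
SAMPLE_DEVICES = {
    "laptop-01": "# managed by MSP\nnameserver 192.0.2.53\nnameserver 192.0.2.54\n",
    "laptop-02": "nameserver 192.0.2.53\nnameserver 198.51.100.8\n",
    "kiosk-03": "search example.test\n",
}

def parse_nameservers(resolv_conf_text):
    """Return the resolver IPs listed in resolv.conf-style text."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment line
            continue
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            addr = parts[1].split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue                      # skip a malformed address
    return servers

def audit_device(name, resolv_conf_text):
    """Classify one device: a single unapproved resolver is enough to bypass filtering."""
    servers = parse_nameservers(resolv_conf_text)
    unapproved = [str(s) for s in servers if s not in APPROVED_RESOLVERS]
    if not servers:
        status = "no-resolver"        # nothing configured, so the filter is not in use
    elif unapproved:
        status = "bypass-possible"    # queries can fall through to an unfiltered resolver
    else:
        status = "filtered"
    return {"device": name, "status": status, "unapproved": unapproved}

def audit_fleet(devices):
    """Audit every device in the inventory, sorted by device name."""
    return [audit_device(name, text) for name, text in sorted(devices.items())]

if __name__ == "__main__":
    for result in audit_fleet(SAMPLE_DEVICES):
        print(result)
```

The secondary resolver on laptop-02 is the case worth catching: the device looks protected, yet lookups can still be answered by a server outside the filter.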
Stay Informed about New Security Compliances and Regulations
While you may not have any clients that reside in a European country or the state of California, one of your customers may serve residents within their borders or deal in the collection, hosting or reselling of personal data involving people from these areas. If so, your MSP may fall under the jurisdiction of the General Data Protection Regulation (GDPR) or the California Consumer Protection Act (CCPA). Government compliance regulations such as these can go far beyond the borders of their immediate jurisdiction. GDPR and CCPA are having repercussions for companies across the globe. It is up to you to learn about any and all compliance requirements that your SMB customers must follow, as you may be partly liable for a breach or damaging incident. Any of your clients that accept payment card transactions must follow the specific guidelines of PCI DSS, so you need to familiarize yourself with those guidelines to ensure compliance. Any MSPs that service organizations in the healthcare field must comply with HIPAA.
Sometimes You Need to Walk Away
The most successful MSPs sometimes say no to new business. It’s not uncommon for MSPs to demand that new clients upgrade to a minimum operating system or purchase warranted equipment in order to be able to properly manage their network resources. The same should hold true for security. For instance, a prospective client that insists on retaining poor password policies or isn’t willing to pay for your complete security stack is one that you should probably politely walk away from.
Clients that make themselves vulnerable out of neglect or ignorance can expose your network and those of your other customers if they get attacked or infected. As an MSP, you need to promote a “We’re all in this together” attitude in order to keep everyone secure. You also don’t want to expose yourself to possible fines due to a client being out of compliance.
To find out more about how we work closely with managed service providers to meet the requirements of the SMB marketplace, speak with our MSP Integration team today.