The BrightGauge Blog

5 Security Measures All MSPs Should Take Right Now

Written by Susan Perez | January 21, 2020

We are operating in a world where security risks are greater than ever before. The reality is that our information is vulnerable, but there are steps we can take to decrease our risk of attack.

For the past couple of years, MSP 501 surveys have indicated that security-as-a-service or security offerings in general are the biggest growth area for MSPs, and that will continue to ring true.

Whether or not you are offering security-as-a-service at your MSP, there are general security guidelines that every single MSP should be following right now to ensure the safety of their data and that of their clients.

It starts from within. Establishing strong internal security protocols makes you a more trusted partner. So, whatever measures you put into practice should be shared with and required of every employee who joins your organization (just make it a part of your onboarding strategy!).

Just ahead, we present 5 tips for securing your MSP:

  1. Use a password manager. A lot of websites require passwords of a certain length with a combination of 1 letter, 1 special character, etc., so people tend to reuse the same passwords across the board. Bad idea. Instead, use a password manager, like 1Password. In fact, require it for all business activity and use strong, unique passwords for every separate site. A tool like 1Password will generate your passwords and store them for you. This can dramatically reduce the risk that password reuse creates in the event of a vendor security breach.
  2. Require 2-Factor Authentication. There’s really no excuse not to do this. Enable 2FA everywhere possible - especially on sites/apps you share with clients. When available, encourage the use of SSO (single sign-on) solutions as well.
  3. Encrypt, encrypt, encrypt. Full disk encryption should be a requirement across all devices. This is an important measure to ensure that only the people you want accessing a piece of information are able to access it. Just like 2FA, there’s no reason not to do this.
  4. Keep your customers’ data safe. It’s one thing to safeguard your own data, but ensuring your customers’ data is protected is incredibly important, too. You are a trusted vendor, after all. Make sure you have clear protocols and safeguards in place around any customer data and resources. When possible, store logs and audit trails for any privileged activity that might access private customer data. Word of advice: when building these systems, be careful not to accidentally capture sensitive data in your audit logs.
  5. Stay informed. When in doubt, turn to the experts and constantly stay informed. We highly recommend and have referred our own employees to a set of excellent presentations on operational security published by PagerDuty. Anyone looking for additional guidance should definitely check it out: https://sudo.pagerduty.com/for_everyone/
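
As an illustration of the audit-log advice in tip 4, the sketch below is an added example, not code from BrightGauge or any product named here. It records who performed a privileged action against which customer while redacting secrets before the record is written. The field names, the key list and the value pattern are assumptions made for the example.

```python
import json
import re
from datetime import datetime, timezone

# Assumed key names that must never be written to the audit trail (illustrative).
SENSITIVE_KEYS = {"password", "secret", "token", "api_key", "ssn", "card_number"}
# Constructed pattern: credential-looking values embedded in free text.
SECRET_VALUE = re.compile(r"\b(bearer\s+|password=|token=)\S+", re.IGNORECASE)
REDACTED = "[REDACTED]"


def scrub(value):
    """Recursively redact sensitive keys and secret-looking substrings."""
    if isinstance(value, dict):
        return {k: REDACTED if str(k).lower() in SENSITIVE_KEYS else scrub(v)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub(v) for v in value]
    if isinstance(value, str):
        # Keep the prefix (e.g. "Bearer ") so the log still shows what was used.
        return SECRET_VALUE.sub(lambda m: m.group(1) + REDACTED, value)
    return value


def audit_record(actor, action, customer_id, detail, now=None):
    """Build one JSON audit line for a privileged action on customer data."""
    ts = (now or datetime.now(timezone.utc)).isoformat()
    record = {"ts": ts, "actor": actor, "action": action,
              "customer_id": customer_id, "detail": scrub(detail)}
    return json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample event: a technician exporting a customer database.
    sample = {
        "command": "curl -H 'Authorization: Bearer abc123' https://db.example/export",
        "password": "hunter2",
        "rows": 10,
        "targets": [{"host": "db01", "api_key": "k-999"}],
    }
    print(audit_record("tech@msp.example", "db.export", "cust-042", sample))
```

A deny-list like this only catches the keys and patterns it knows about; logging an explicit allow-list of fields is the stricter variant of the same idea.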

 

The bottom line: don’t skimp on security. It’s only going to become more important every day.

For a deeper dive into the topic of security, including how to sell security to your customers, join the upcoming ConnectWise webinar, ‘Key Tactics to Monetize Your Security Offering’, taking place on January 27th. Register now: https://www.connectwise.com/resources/webinar-monetize-your-security-offering