Beyond The Headlines: Taking A Holistic Approach To Data Security
By Chris Crellin, VP of Product Management, Intronis
It seems as if a week doesn’t go by without a data breach making headlines. From recent news of backup tapes gone missing from a Massachusetts-based hospital to a phishing attack at an Indiana-based healthcare system to a malware incident involving payment cards at several upscale hotels in California, the reasons for these data breaches vary widely. While each of these incidents offers a cautionary tale for businesses of all sizes, they don’t fully illustrate what’s needed to successfully fill the security gaps that exist today.
The fact is IT pros will often become sidetracked by the sensational nature of today’s headline-grabbing data breaches. This can lead to knee-jerk responses that address the specific weaknesses exposed by a security incident but fail to look holistically at the overall security posture of the business. It’s a big miss that can easily be avoided when managed services providers (MSPs) and solutions providers take the time to fully understand their clients’ risk profiles.
Assessing Customers’ IT Security Risks
CompTIA, the IT industry association, has created a useful, vendor-neutral tool that helps MSPs and solutions providers build a security profile for their customers. The CompTIA IT Security Assessment Wizard looks at how a business protects information and shares it with customers and partners. It then creates a comprehensive and easy-to-read profile that illustrates the IT security strengths and vulnerabilities of the business.
MSPs and solutions providers can use this information to help their clients identify areas of risk, as well as any potential damage that might result from a breach. From there, solutions providers can then recommend solutions that will plug any holes in the business’ security profile, with the goal of preventing a future breach.
Helping SMBs Protect Themselves
Beyond the security assessment, there are a couple of other ways that IT solutions providers can add value when addressing the security concerns of their clients. First, they should start by talking with their clients about what they need to be doing to protect their business from a data breach. In reality, SMBs are usually their own worst enemies when it comes to data security because user error is often to blame for data breaches. Whether it is losing a laptop computer, inadvertently emailing confidential data to outside parties, or failing to schedule a backup of the organization’s data, there are many opportunities for human error.
Next, IT solutions providers can help their clients develop security policies. Most successful companies have formal, documented security policies in place that govern operations both within their offices and in the field. For more information on developing security policies, check out my recent Business Solutions Magazine post on “5 Best Practices for Establishing a Security Policy.”
The landscape surrounding data security is constantly in flux as malware and other malicious threats to cybersecurity evolve. My number one piece of advice to MSPs and solutions providers is not to rely on today’s headlines to achieve success; instead approach data security with your eyes wide open and never lose sight of the big picture. While it’s easy to point to the latest public breaches, what your clients really need is a partner who will help them successfully identify their risk profile and implement solutions that will plug any and all security gaps.
Chris Crellin is vice president of product management at Intronis, a Boston-based provider of world-class backup and data protection solutions for the IT channel. He has more than 15 years of experience in the security and data protection industries and previously worked for Datto, Inc. and RSA, the Security Division of EMC.