By Ellen Jennings, CEO, BEI
Today’s businesses face an IT environment where proprietary information and confidential client data must be secured against ever-escalating attacks and evolving vulnerabilities. At the same time, employees can now work from anywhere using mobile devices that access company data and malicious threats (from device theft to hacking to ransomware) loom large with their potential to expose that sensitive information. These threats are concerning for businesses of all sizes and across all industries — especially in healthcare and finance where laws and regulations like HIPAA and FINRA require data security diligence backed by requirements with substantial fines and penalties.
Businesses that have faced the devastating harm of a data breach or ransomware know data security is no place to cut corners and all possible measures should be taken to avoid such an outcome. Cloud-based security services, as delivered by MSPs, are increasingly providing essential value to clients with sensitive data and the need for more flexibility than is available with on-premises security solutions.
For MSPs, this means implementing services that extend security protection when data is distributed and under conditions that make it vulnerable. This strategy, therefore, must be holistic and provide protection against emerging threats to ensure data is robustly defended. An MSP’s cloud-based security services should include:
- Employee Training
While easy to do, don’t overlook the employee role in safeguarding data. The finest data security technology in the world cannot protect against a data breach if employees don’t act properly. Login credentials must be unique and kept secure. Active sessions must not be left unattended. Employees must have the ability to recognize online scams. Employees remain the greatest risk area when it comes to a company’s data security – 95 percent of all data breaches are rooted in human activity (counting both purposeful and careless behaviors).
For MSPs, incorporating a cloud-based platform that can effectively deliver employee security is a necessary first step in maintaining data security. These platforms prepare employees to be aware and vigilant about threats to data, such as how to recognize and avoid phishing incidents, the dangers of unsecured Wi-Fi, the importance of secure authentication, and other scams that often lead to data compromise. Training mitigates the risks of employees making the careless mistakes that lead to disaster and make headlines.
Here at BEI we have been using Breach Secure Now a platform that allows us to easily deliver data security training to our client employees under our brand. Our clients may also choose weekly micro-training, a monthly newsletter, a full set of employee security policies with an employee acknowledgement platform, an annual security risk assessment, and a simulated phishing tool. MSPs are in this with their clients — a breach or compromise to client data certainly isn’t good for clients, but it sure isn’t good for us (the MSP) either.
- Remote Data — And Device — Management
As more employees work remotely, access to sensitive company data via personal and corporate mobile devices becomes 24/7. Too many data breaches occur when employee laptops, smartphones, or other devices are lost or stolen. Even a diligent employee may carelessly forget his phone at a restaurant or airport, or lose her laptop to a car break-in. Just like that, a company faces a data breach and all of its consequences.
To address this risk, cloud-based remote data encryption and security services are able to oversee company data on employee devices and protect data on PCs, laptops, phones, tablets, or USB drives in the event those devices are compromised. We’ve implemented Beachhead Solutions’ SimplySecure as a PC and device security system because of its ability to remotely manage security and encryption policies and give us the ability to remotely revoke access and wipe data when appropriate. The centralized management and status console is vital in demonstrating proof of data security. With a cloud solution of this type in place, employees are provided the full freedom and efficiency of working from anywhere, while sensitive data remains under the same secure IT oversight that protects devices within the office.
- Data Backup
In addition to data breaches, loss of data access is a significant threat: for example, when an MSP’s client experiences a ransomware attack where data is held hostage. Implementing an effective data backup solution can mitigate these scenarios. We’ve used Datto to implement both local and cloud-based backup for essential data. Solutions such as this, offering both local and cloud redundancy, provide the ability to recover data quickly. If a catastrophic event renders the local backup inaccessible — ransomware, device loss/damage, etc. — data can be restored from the cloud.
Ellen Jennings is CEO at BEI, a provider of IT Managed Services.