By Tim Brown, VP, Security, SolarWinds MSP
For MSPs, the traditional approach to cybersecurity focuses on defense and prevention, but as cybercriminals get bolder and more sophisticated, that’s no longer enough. What’s needed is a proactive security posture that MSPs can enforce with their clients using these nine best practices:
1. Focus on risk – Rather than trying to achieve 100% security, MSPs should shift the conversation toward how much risk each client faces. Start by acknowledging that 100% security isn’t attainable because cybercriminals always find new ways to attack. Then, set security metrics and track them. For instance, by ascertaining how many applications lack the latest security patches, you can uncover any security vulnerabilities that must be addressed.
2. Prioritize the data – Each business has a set of “crown jewels,” including employee health records, customer credit information, and bank account numbers. This sensitive data should get the highest levels of security to make it harder for hackers to access it. Work with clients to define and protect their crown applications, systems, and data.
3. Practice good cyberhygiene – Good cyberhygiene means staying vigilant about security maintenance to prevent common threats, such as phishing and ransomware. Examples of cyberhygiene tasks MSPs can handle for clients include a strong endpoint security plan, frequently checking administrative rights for sensitive data, a consistent patching regimen, ongoing data backups, and a response plan that’s ready to go in the event of an attack.