To Secure WFH Clients, MSPs Could Use A Fresh Bag Of Security Tricks
By Peter Verlezza, SMB Networks, LLC.
With their clients rapidly implementing work-from-home policies during the past year (that by and large prioritized access over security), MSPs have been trying to shore up security holes in those new distributed workplaces as fast as they can. Employees have long been the weakest link when it comes to a business’s device and data security. Now, the threat of data exposure due to improper employee behavior has expanded – rapidly.
Many employee-used desktops will never again abide within the safer confines of a centralized workplace, now instead spread across myriad networks and remote locations. These circumstances heighten risk on multiple fronts, increasing the possibility of devices being lost or stolen as well as the potency of phishing and spearphishing attacks. While standard security measures such as data encryption, access controls, and up-to-date antivirus and anti-malware mechanisms remain essential, they alone cannot always answer the challenges MSPs now face.
For my fellow MSPs tasked with securing distributed workplaces, my advice is to upgrade your arsenal. Any incremental cost will be well, well worth it in the long run (and likely also even in the short run). As the parameters of client security management have now expanded, so should the toolsets used to protect client environments expand as well. Here are several capabilities MSPs ought to add to their repertoires, to achieve comprehensive safeguards for data and devices used by employees working from home.
Two-Factor Authentication (2FA)
Remote work practices drastically increase the risk of unauthorized access. If employees practice poor security hygiene, devices may become lost, stolen, or even simply lent to family members, inadvertently allowing data to become exposed. Data encryption and password protection only go so far. Employees working outside the office may become lax in safeguarding their credentials or fail to monitor their devices during credentialed sessions. When an organization’s sensitive data depends on the strength of an employee’s password and vigilance alone, that data is in peril.
By introducing 2FA security to control access to client data from all employee-used devices, MSPs can add a crucial layer of protection that insulates data from exposure in many scenarios that would otherwise result in a breach incident. At the same time, 2FA functionally equips employees with the means to enforce the security of their own devices more effectively, simply by making sure that no active session is left unattended.
Many of the increased risks associated with WFH policies stem from the fact that devices are physically positioned in countless remote offices rather than a singular defensible location. Distributed workplaces call for MSPs to better understand and control devices along this new perimeter.
By utilizing solutions that enable geofencing capabilities, MSPs can draw new perimeters to secure employee-used devices wherever those remote workplaces are located and deny data access if they stray from where they’re supposed to be. In practice, these solutions provide automated notifications that alert MSP administrators when a secured device travels outside its established geofence. The MSP can then take steps to investigate the potential risk and neutralize the threat if appropriate by remotely revoking access from the wandering device.
Co-Managed IT (CoMITs)
Given the seismic shift in practices that businesses have had to rapidly navigate and adapt, it stands to reason that enterprises with the means would like to gain more control over their own destiny, from a technology perspective. Offering CoMITs, in which an MSP shares solution management duty with select clients’ internal IT teams, provides value while fulfilling a key demand for those organizations. At the same time, MSPs still provide requisite expert oversight and maintain careful guardrails to guarantee safe operations. To be clear, CoMITs is only a fit for larger clients with in-house IT capabilities, and which have earned their MSP’s trust that a CoMITs relationship will be an effective one.
In my opinion, CoMITs is a win-win for those MSPs and clients for which it’s appropriate. Clients gain the access needed to make decisions quickly and independently. MSPs build closer and more collaborative relationships with their clients and win new ones by delivering a distinctive competitive differentiator. Clients receive similar differentiators by achieving superior results.
With both MSP and internal teams managing solutions, more eyeballs equate with greater success, especially when it comes to security. For example, our partners at the device encryption, security, and access control provider Beachhead Solutions recently reversed a long-standing policy forbidding CoMITs to now embrace the practice after demand from MSP partners and their end user clients. When implemented correctly by MSPs ready to engage in mutual collaboration, CoMITs is a powerful technique allowing clients to play an active and effective role in protecting their distributed workplaces. I expect more vendors will follow those like Beachhead who are adapting to CoMITs practices.
The task of securing clients’ data and devices in the current remote work reality calls for a new exploration of MSP solutions and practices. By enlisting a fresh (or fresher) bag of tricks suited to the challenges of protecting client assets regardless of location, MSPs can both reaffirm existing relationships during these difficult times and stand apart in the marketplace by offering superior security and service.
About The Author
Peter Verlezza is Managing Partner for SMB Networks, LLC. SMB Networks, founded in 2006, is a Connecticut-based IT services provider working with medical practices, nonprofits, and other organizations in the state.