Posts

One very painful truth about running a business is that you possess data that is attractive to criminals. There is no avoiding that reality. You have data. They want data. It is an ongoing challenge to maintain data security as cyber criminals’ efforts evolve and change on a daily basis. The wall that kept you safe last week may have holes in them today. Keeping up with the latest threats is a specialized field that in-house IT support likely doesn’t have. An MSP can provide the support you need in the face of ransomware threats and other malware. Also, an MSP can provide 24/7 monitoring.

Speaking of data security, brand damage isn’t the only issue with data security breaches. In many cases, there are data protection laws that regulate how you secure personal information. In specific industries there are federal, state, and even overseas regulations that set standards for data protection. How you choose to protect data may be out of your hands. MSPs have the experience and knowledge to address compliance management. For example, there are a number of data protection laws (HIPAA, FERPA, CA Privacy Act, GDPR, FTC Safeguards Rule) out there that not only provide penalties if a data breach occurs, but also mandate specific protocols to better ensure your data is protected. Avoiding a data breach isn’t enough. Some of these protocols can be quite demanding and some require periodic testing and are subject to audits. Samples of the types of requirements mandated by some of these laws may include.

  • Designating one individual to oversee data protection and security
  • Conducting a risk assessment – This means analyzing what data you possess , where it is stored, and in what ways it is vulnerable.
  • Creating safeguards to address all potential areas of vulnerability
  • Designing and documenting tools to secure your data and tracking access
  • Tracing the location and security of all data whether it is at rest or in transit.

Not only do you have to set up protocols, you may have to prove they are operative and be subject to audits. All of this can be extremely distracting to a small business.

Another area related to data security is the issue of backup and recovery. So much can go wrong. There is nefarious activity: criminals actively trying to break into your data and steal it. There is human error: individuals taking actions that accidently delete or damage data. And of course, hardware can fail and software can have bugs. And, if not done correctly, backups may be infected and be of little value.

An MSP can design backups that are continual and are protected at an offsite location.

More importantly, it isn’t enough to know your data is safe if something happens. Your business is dependent on using that data. Losing a day of access can cripple your business. That means planning for recovery in case something happens. How will you transition to another mode of data access? Your customers expect 24/7 availability. An MSP can develop recovery plans that work to ensure your operations see minimal disruption in the event of a failure.

The cloud is now the preferred method for data storage. However, justified or not, there are a few worries you might have about migrating to a cloud solution.

Isn’t my data safer at home?

While cloud storage offers enhanced security measures, organizations may still have reservations regarding the privacy and protection of their data. Somehow keeping it in your own location sounds safer. To overcome this concern, an MSP can help you fully understand the security measures implemented by most cloud providers, including encryption methods, access controls, and data isolation. Also, they can help determine that your cloud provider’s protocols meet any regulatory standards you are required to meet, such as federal, state or international data security laws.

Network Connectivity and Bandwidth

Reliance on internet connectivity is inherent in cloud storage. The cloud isn’t useful if you cannot access it. Organizations need a stable and robust internet connection to ensure access to their data. In situations with limited bandwidth or intermittent internet connectivity, accessing and transferring large files can become a challenge. However, if reliable internet access and bandwidth provisioning is an issue for your business site, that is a problem you need to address no matter how you plan to store your data. Few businesses can function reliably without solid high speed bandwidth. An MSP can provide guidance on how to handle this issue, if reliability in your location is a problem .

Vendor Lock-In and Data Portability

Are you worried about what to do if you change your mind or want to change cloud providers? In other words, “Can I pull all my data back in-house or choose another cloud provider without creating a headache?” Transferring data between cloud providers or migrating back to an on-premises infrastructure can be challenging. Be sure to discuss this with all vendors bidding for your business. Again, an MSP can help navigate the complexities of proposed contractual language.

Some last thoughts

The cloud isn’t a total cure all. You still need a robust and secure in-house infrastructure to support your everyday operations And this infrastructure needs to be defended against cyber criminals, on top of everything else. An MSP can be the solution for smaller firms who don’t have the resources, time, or inclination to manage their in -house IT needs.
Two possible areas where an MSP can help are…

  • Continuous Monitoring and Support

    Once the transition is complete, MSPs provide ongoing monitoring and support for the cloud storage environment and your internal operations. MSPs can handle routine maintenance tasks, such as updates, freeing up internal resources and allowing businesses to focus on their core operations. They can also offer 24/7 monitoring on the remaining in-house IT infrastructure.

  • Security and Compliance Management

    You may have regulatory compliance concerns, as well as internal security requirements. An MSP has the experience to guide you in developing plans to meet those requirements.

With all the talk about cybercrime and the recent spate of headlines about ransomware, concerns for your data security and the safety of your business keep growing. Avoiding a data breach is critical to your business, so it is vital that you focus resources and time on cybersecurity. Your MSP can be your best support for handling the variety of solutions to the problem of cybercrime. However, don’t forget what you can do on your own. Amidst all the sophisticated tools to protect your data, don’t forget the role of the lowly password. Passwords are there all the time, so we tend to take them for granted.

Here are four easy best practices for good password hygiene which don’t require hand sanitizer or staying six feet apart.

Strong Passwords

Many advisors suggest that a strong password includes letters, numbers and symbols. Basic vocabulary words, from any language, can often be hacked through brute force–just bombarding with a stream of words until you hit the correct one. Numbers and symbols can make that less successful.

Update Passwords

The longer a password is hanging around, the more likely it may be compromised. Frequently changing passwords, just like changing the batteries in your smoke detector, should be done on a regular basis. Try the first day of every third month.

Cancel Passwords when access is no longer needed

In a workplace setting, access should be eliminated immediately upon the termination or transfer of an employee. Not tomorrow, not later today–Immediately. This is particularly true in the case of an involuntary termination, when a now former employee may have a motivation to act nefariously. Also, when an employee’s job duties change, some access from their previous position may not be relevant with their new role.

Multi-factor Authentication

Multi-factor authentication (MFA) is the access process that requires a second step to access data. You probably come across it frequently. Many retail sites now use MFA for returning customers who want access to their account or order history. MFA asks for your password and then authenticates you by sending a one-time code to another platform. Most frequently, this means sending you a text. The intent is to diminish the possibility that the password is being used by someone not authorized to have it. Anytime you use an ATM machine, you are using a version of MFA (The debit card is step one, the PIN is step two)