Attackers See MSPs as the Key to a Treasure Trove of Data
…due care. Many small businesses have noted their willingness to sue if a data breach were to occur, even if they did not contract their MSP to provide cybersecurity. As a result, MSPs should actively take steps to mitigate not only their own risks, but also those of their customers and vendors, to fully protect the supply chain. These steps include:
- Conduct a security audit – If an MSP or its customers cannot remember the last time a security audit was done, then it’s probably time to do one. This risk assessment helps identify weaknesses – such as outdated technology or policies in place – and shapes security posture.
- Prepare for the worst – After conducting a security audit, implement an incident response plan that communicates openly with internal employees and third parties, such as customers, on what happened, how the attack may have happened and what steps are being taken to reduce risk in the future.
- Standardize procedures – Don’t procrastinate on implementing policies. These allow employees to understand the proactive and reactive steps to take in case of an event and help measure success and areas of improvement.
- Communicate, communicate, communicate – MSPs and customers should have a clear, agreed-upon outline – written down, preferably – of what MSPs and customers are each responsible for. This legally protects both parties in the event of an incident. MSPs should also make it a requirement for customers to adhere to the same cybersecurity protocols as they do, to ensure there’s no “weakest link” in the security chain.
As the marketplace continues to grow, attackers will only invest more time and effort into compromising MSPs. Understanding that attackers are making service providers a priority means it’s time for MSPs to step up their defenses or risk being the next MSP talked about in the news as an example of what not to do.
Dror Liwer is the co-founder and CISO of Coronet, a leading provider of data breach protection for companies that use the cloud. He brings more than 25 years of technology, security and business development experience to Coronet, including posts as CIO of the IDF’s Military Police, CEO at Pose, a venture partner at RDSeed, general manager at IXI Mobile and senior VP at Publicis and Wunderman. Follow Liwer or Coronet on LinkedIn or on Twitter @coronetworks.