Bad habits are hard to break, and that’s especially true when it comes to small businesses and cyber security. After all, it’s easy for SMBs to think “that will never happen to me,” and let things slide that end up creating real security concerns.
The truth is data breaches and cyber attacks are very real possibilities for small businesses. According to the National Small Business Association, 44 percent of small businesses report being the victim of a cyber attack, and the number of data breaches reported each year continues to climb.
As I mentioned during a panel discussion on cyber security at CompTIA’s recent Annual Member Meeting, it’s not a question of if businesses need security; it’s a question of what level of security they need. For managed service providers, I think it comes down to communicating with your customers and educating them about what to do and what not to do.
The other speakers on the panel brought up some good examples of the types of errors they see small businesses make all the time. Here are a few I think you’ll need to watch out for with your SMB customers.
1. The Post-It full of passwords
The next time you’re at a customer’s office, take a walk around. I’m willing to bet you’ll find at least a few desks with Post-It notes full of passwords stuck to the bottom of a computer monitor. Yes, it’s convenient, but it also provides easy access to sensitive information to people who shouldn’t have it—like disgruntled employees or a thief during a break-in.
The Fix: Take the opportunity to explain to your customer why this is a bad idea, and give them some ideas on how manage passwords safely.
2. Out-dated operating systems
Technology is an important part of every small business, but it’s often not a priority. That’s how things like updating operating systems fall through the cracks or get ignored until they become a serious security threat. For example, do any of your customers still have systems running on Windows XP? If they’re running a more recent operating system, are they keeping it up-to-date? If you don’t know, find out.
The Fix: If you do have clients running outdated operating systems, it’s a good opportunity for you to help them transition to something more secure. Even better, you can use it as a chance to initiate a managed service contract to take care of updates and patches going forward.
3. Security software that never gets updated
Some small business owners think they’re secure because they invested in a firewall or installed antivirus software on their machines. But odds are they didn’t take the next step and pay for subscriptions or updates to go with it, which means they aren’t nearly as secure as they think.
The Fix: When you talk to your customers about cyber security and they tell you they have programs in place already, ask when they updated that software. I’m willing to bet that they won’t have an answer to that question. That means there’s another good opportunity to establish an ongoing managed service handling security updates for that client, which means more recurring revenue for you as an MSP.
4. Old employees still have access
Lax password policies and passwords that don’t expire create another security concern for SMBs. If your customers don’t set passwords to expire regularly, there’s a good chance a number of former employees still have access to their system. That doesn’t necessarily mean any of them will do something malicious, but would you really want to take the risk?
The Fix: Help your customers set up a solid password policy, and explain why it’s important to have passwords that expire regularly. Yes, their employees might think it’s a hassle at first, but the improved security will be worth it. While you’re at it, help your customers teach their employees the best practices for choosing a strong password that’s easy to remember but hard to guess.
By now, I’m sure you’ve noticed that education is the main theme running through all of these solutions. Use these common cyber security mistakes as learning opportunities for your customers. Teach them why cybersecurity matters and what they can do to help make their businesses safer. And take the chance to stress the value you can bring as an MSP by helping them address their security concerns.