These days, MSPs would be foolish not to help their clients make their digital properties more secure. It seems that every week that we hear about yet another massive data breach with the loss of millions of records, often full of personal identifiable information (PII).
This information often gets distributed in an online black market where people can buy information like social security and credit card numbers. Nobody wants to be the next company to get caught up in a scandal. It makes you look indifferent and it can be costly in terms of lawsuits and fines. Simply put, it’s bad for business.
Just this week, Facebook admitted exposing the passwords of hundreds of millions of users in plain text. For starters, that’s called being careless. It’s also a big wake-up call, because if a web scale company the size of Facebook with an army of engineers can’t keep data safe, it is pretty daunting task for everyone else.
Most of the companies reading this blog won’t face breaches on the scale of Facebook, Equifax, Marriott, or any other of the more recent infamous incidents, but the impact on any business, regardless of your size, can still be profound.
Tighten the reins the right amount
You want to have a common-sense approach to security at your companies and those of your clients. Of course, you want your customer’s data to be safe, but in a world of hackers and phishers, it’s not a simple task.
It’s easy to just throw up your hands against the steady onslaught of internal and external threats, but that’s not an option. Neither is being so strict that you can’t do business with outside parties without jumping through security hoops. Companies who set up the strictest guidelines often obstruct themselves in getting work done.
That means you have to walk a fine a line. You don’t want to be laissez-faire when it comes to security, but you still need to help your clients set up guard rails to warn them when it looks like they are being careless. Yet, you don’t want a constant onslaught of messages and warnings, so that users stop taking them seriously and simply click OK to move on.
Security certainly isn’t easy, but as your client’s IT advisor, it is your job to help guide them to the most reasonable and best solution for each company’s individual requirements. There is no one-size-fits-all approach.
Nobody would ever argue that security isn’t essential, but that doesn’t mean you have to be so stringent that you get in the way. The trick is finding the right balance.
Photo: Thomas Drouault / Unsplash