Business owners are caught in a quagmire of confusion when it comes to protecting their networks, data, and proprietary information. Most pay attention to the news reports of hackers and ransomware or hear their peers talk about their own experiences with similar issues. Unfortunately for SMBs, especially those with no internal IT resources, the mysteries surrounding cybercrime and their own internal business vulnerabilities are getting murkier.
Those unknowns are scary for owners and managers. While the responsibility for protecting data and business secrets falls on their shoulders, relatively few understand the real threats or know enough about protection schemes and technologies to properly lock down that information. Not many organizational leaders are capable of handling that responsibility ‒ or even know where to start.
MSPs with a strong comprehension of the various business threats should be leveraging that knowledge to strengthen their SMB relationships and increase sales results. Knowledge is invaluable today. Business leaders need someone to cut through the clutter and confusion. Most MSPs are perfectly positioned to be that resource, to assess an organization’s current security posture and infrastructure before proposing the best possible solutions.
Recognize the Internal Threat
Employees are an organization’s biggest asset as well as its principal threat. Few businesses can scale without a team of dedicated employees producing and selling their offerings and providing high-quality support to their customers. Their contributions are invaluable.
Successful leaders understand that point. Unfortunately, to keep everyone happy and maintain high productivity levels, some loosen the reins too much, giving their team members carte blanche access to critical systems and business information.
Not everyone should be trusted with open access without some checks and balances in place. With so many cloud computing and electronic messaging options today, it’s far too easy for proprietary or sensitive information to be passed on to unauthorized employees and people outside the organization.
Workers often have access to a literal treasure trove of information, including details on clients, company finances, and product/service roadmaps. When you consider that employees are also the weakest link in the cybersecurity fabric, that should raise a red alert.
Companies must continually be looking out for individuals (including managers) who deliberately compromise their networks or data. Security experts suggest careless behavior is a primary cause of breaches and poorly trained workers contribute significantly to breakdowns in network and data protection.
Of greater concern may be the insiders who steal valuable data such as customer credit card and social security numbers or send proprietary information to personal accounts or competitors. Those are the types of concerns rarely discussed in public forums. Nonetheless, every business should have protections in place to prevent corporate espionage and data theft. It presents a real opportunity for MSPs.
Create an Outbound Strategy
Open information access and poor data management policies create a potentially deadly combination for businesses. MSPs have to establish rules and boundaries and implement solutions that ensure the integrity of outbound information. For example, what data are employees allowed to share via email, instant messaging, and other communications processes? Restricting personal information such as credit card and social security numbers is a “no-brainer”, but what about sales contact lists or marketing plans? Each company needs to develop its own restrictions in a detailed information security policy.
The objective is to keep private and proprietary data inside the “corporate firewalls”. If information could compromise the company, employees, clients, or others if leaked, it should be on the restriction list. MSPs can use some of the many compliance requirements for guidance. Government regulations such as SOX and GDPR, and industry standards like PCI can help providers identify the data they need to protect.
Information security policy development has increasingly become a collaboration between MSPs and their clients’ management teams. Company leaders may outline the types of information they wish to protect (e.g., proprietary marketing plans, sales objectives, accounting reports, and personnel files) and rely on IT consultants to construct, validate, and enforce the guidelines.
Thanks to technologies like email filtering, that strategy is much easier to execute today. For example, Mailprotector’s SafeSend solution gives administrators the ability to define content which is not acceptable to send out. The best way to prevent proprietary and sensitive data leakage via email is to identify and quarantine outbound messages containing protected information.
Get an email filtering tool that enforces your clients’ information security policies. Check out Mailprotector’s SafeSend compliance solution today.