Employees often want and need access to company files while in the field, but if they access and transmit corporate data via an insecure device, server or network, they are placing the business at increased risk for a cyber security incident. Here's what SMBs can do to curb this dangerous behavior and how MSPs can help.
October is National Cyber Security Awareness Month and an excellent opportunity for MSPs and solution providers to educate their customers on how to protect their data, applications and IT infrastructure from cyber attacks.
One area that SMBs often struggle with is securing how remote workers access corporate data and applications. Many employees want and need access to company files while in the field, but if they access and transmit corporate data via an insecure device, server or network, they are placing the business at increased risk for a cyber security incident. So, what can SMBs do to curb this dangerous behavior, and how can MSPs help?
Here are four steps that will help MSPs create a more stable and secure remote workforce for their customers, without compromising flexibility or manageability.
1. Set up a central repository for corporate data.
When MSPs centralize a customer’s data on something like a shared network, they make it easier to manage the exchange of information. Solution providers can then set restrictions on who can access the data, limiting it to the appropriate people and departments. As a best practice, MSPs and solution providers should also set up their customers’ networks so the files are readable from personal devices but can’t be copied to local storage. This will allow employees to access information remotely but prevent them from saving it on their personal devices.
2. Develop a BYOD policy.
When it comes to mobile device usage, MSPs and solution providers should clearly define rules and procedures for their customers' employees to follow. If there isn’t a formal BYOD policy in place, they risk having an employee make a critical mistake and increase the potential for legal ramifications.
Don’t try to “boil the ocean” by supporting every device imaginable. It simply isn’t possible to do that efficiently and effectively at scale. Instead, prioritize which devices will be supported, and then identify the level of support that will be provided. For example, you could allow employees to use any Apple or Android device that supports Microsoft Exchange up to a certain level. Then, note the specific plug-ins that will be supported for those Apple and Android products. It is also important to account for industry regulations like HIPAA and SOX, and put a process in place for handling issues like lost or stolen devices.
3. Educate employees about the BYOD policy.
Each of the customer’s employees must fully understand the BYOD policy once it has been established. MSPs and solution providers can help by facilitating training on security best practices and red flags to look for, such as a smartphone powering on randomly or the microphone turning on. These are symptoms of spyware operating on the phone and pose a huge risk. As a best practice, all new employees should be asked to sign a contract on their first day once they receive their company laptop. On their last day, the employee should sign the machine back over to the business. This process ensures that there’s a full line of ownership for each machine or device used internally.
4. Deploy software with remote wipe capability.
Another risk MSPs and solution providers should account for is a situation where a customer’s employees lose their smartphone or tablet. If the employees have previously accessed company data on their devices, such as syncing their work email to their phone, it could create a problem. By deploying software that has remote wipe capabilities on customers’ employees’ devices, the MSP can prevent sensitive information from being exposed. A BYOD policy should also require employees to notify management of a lost or stolen device.
Following these four steps will help position MSPs and solution providers as security experts, and they can then leverage the experience they gain across their customer base to create incremental revenue streams and grow their businesses.
Scott Graham has more than 25 years of experience running IT organizations for high-growth venture-funded companies and larger publicly traded global organizations. He has focused on architecting, developing, and implementing High Availability Environments to support mission-critical systems. Before joining Intronis, Scott served as the VP of IT for Consumer United, a venture-funded brokerage house where he led a complete transformation of all systems and infrastructure. Prior to Consumer United, he was the Managing Director for First Marblehead and transformed their IT systems to provide student loan decisions in less than 5 seconds. This allowed First Marblehead to become the number one student loan provider in the country. He has also held senior management roles at Avid Technology, Quantum Bridge, and 3Com. Guest blogs such as this one are published monthly and are part of MSPmentor's annual platinum sponsorship.