We’re excited to introduce MSP360 Managed Backup 7.0, with the new Backup Storage Browser feature, the ability to seamlessly add network shares to the backup plan source directly from the management console, Windows Server restore directly to cloud-based virtual machines, an Overdue status for endpoints on the Computers page, and the ability to authorize computers in a single user flow with a new Authorize group action. Continue reading
3 Steps to Choosing a Cloud Storage Provider
There is no cloud storage solution that fits all the needs of your company. No solution is built to store data backups and be used as a file-sharing and collaboration service at the same time. Sure, you might try using Microsoft OneDrive or Dropbox for Business for backups, or set up AWS Amazon S3 for file sharing but, in most cases, that would end up as an inefficient, expensive and insecure solution. In this article, we will define how you should choose a cloud storage provider, based on your unique needs. Continue reading
IT Security FAQ: Everything You Should Know
Although cyber-attacks are rapidly growing in volume and sophistication, the fact of the matter is that organizations are still struggling to fight back. Continue reading
News You Might’ve Missed. 26 – 29 Apr
What's new this week in the news for MSPs? Google launches new cybersecurity features for Google Cloud and Workspace; Washington, DC Police Department ransomware attack; and Prometei botnet leveraged by hackers in Microsoft Exchange exploits. Continue reading
News You Might’ve Missed. 19 – 22 Apr
What's new this week in the news for MSPs? REvil ransomware allegedly strikes Quanta Computer, takes blueprints for Apple; hacking campaign against Pulse Secure VPN devices breaches government agencies; Qlocker ransomware attack leverages 7-Zip to encrypt QNAP devices; and Codecov supply-chain attack hacks hundreds of networks, according to reports. Continue reading
CloudBerry Explorer for macOS 1.4 is Out
Introducing the new and updated version of MSP360 Explorer for macOS. We’ve listened to your feedback and are glad to present the latest version of our application. Continue reading
How to Mitigate BYOD Problems
“Bring your own device”, or BYOD, is a situation where a company's employees use personal devices to access corporate network resources or applications. These devices typically include mobile phones, tablets, and laptops. The BYOD approach can occur intermittently, meaning that some employees enter corporate resources from time to time, without notifying their system administrators. In such cases, ”bring your own device” can be a serious security issue for the company. Continue reading
MSP Mergers and Acquisitions: Key Ways to Prepare
Mergers and acquisitions, or M&A for short, is a great way to enter the MSP business or to increase your customer base. On the other hand, you might want to leave the business if you're tired of it or if you feel like there's nothing more you want to achieve. In this article, we will overview how to get ready for mergers and acquisitions, and where you can find a good deal. Continue reading
Guide to Data Security Management
Data security management is a centralized approach that allows you to standardize and streamline your security operations, thus making them more robust and failure-resistant. In this article we overview exactly why you need to implement data security management, how it can be implemented and what kind of attacks you will typically be facing and, lastly, give you the best tips and tricks for building a failure-resistant data security solution.
Why Data Security Management Is Important
According to a study by Varonis, only 5% of organizations’ folders and files are properly secured. Data security management allows you to mitigate potential risks and reduce the number of successful attacks on your business's data. Here are more reasons why you need to implement data security management:
- Data breaches cost a lot. In the event of a successful ransomware attack, your mission-critical data will be locked. Unless you have valid backups in place, you will either lose the data or pay the ransom. And according to Coveware, the average ransom paid in 2020 was $233,000. Even if you decide to recover your data and not pay a ransom, you will still experience losses due to downtime; and, even if it’s not a case of ransomware attack, any data loss will lead to costs.
- Business continuity. If, for example, you lose access to your e-commerce database for an hour, your whole company's operations will be stalled for this hour, which, in addition to the financial losses, means missed business opportunities.
- Bad reputation. Also, if you lose your clients' data or if it is exposed due to a successful hack, you will have to report it, which will eventually lead to reputational losses.
- Compliance. Lastly, if you manage financial, health, legal or other sensitive data, its loss means that you will in most cases be sued and eventually fined.
Further reading Data Security in the Cloud: Best Practices for MSPs and Their Clients
Types of Attacks That Data Should Be Protected From
Once you have persuaded the decision makers that you need data security management in place, it's time to define the types of attacks you will be protecting your business from. Here are the most typical of them:
Malware. Ransomware, worms, trojans, and other sorts of injected programs aimed at interrupting your normal business operations or stealing your data.
Further reading Ransomware Attack Scenarios
Phishing. Phishing is a popular way to distribute malware or steal data that will be used for injection later on, via emails sent to your users.
Network attacks. Any modern business has at least something in their network exposed to the Internet, which is full of malicious scanners trying to find a vulnerability in order to carry out an attack.
Further reading Network Security Best Practices
Internal attacks. A fired employee who had privileged access might steal or delete mission-critical data if their access to the network has not been not disabled promptly.
Other Data Security Threats to Consider
Outside of targeted attacks, there are more threats that you should consider when creating a data security policy and a disaster recovery plan:
Human error. Human error is one of the most common causes of data breaches, both large and small. It's advisable to perform training for end users to reduce the probability of data loss.
Equipment failures. While you can monitor the health of your equipment, there is always a chance of spontaneous failure. So your disaster recovery plan should include this probability.
Shadow IT. The IT inventory of every modern organization is pretty complex. There are dozens of pieces of hardware and types of licenses you acquire and manage. It is a challenging but necessary task to keep track of this.
Incorrect disposal of devices. Old data storage equipment should be recycled with extreme attention. A single old hard drive with sensitive information can lead to further security breaches or a compliance case.
10 Tips to Protect Data Properly
- Classify your data to define mission-critical material. Once you know this, you will be able to develop a detailed disaster recovery plan.
- Audit data access policy. Use the rule of least privilege to restrict access to critical data to those users who need it.
Further reading IAM vs PAM vs PIM: The Difference Explained
- Control data movement. If any of your users can store sensitive information outside of corporate storage, you should know about this.
- Audit security regularly. Data security is one of the key aspects of overall IT security.
Further reading IT Security Audit: A Comprehensive Guide
- Implement a password policy. Develop a strong password policy and implement multi-factor authentication solutions where possible. Also, do not allow your end users to choose and change passwords on their own, unless you want to be hacked because of a ”john123” password.
Further reading Password Management Best Practices
- Backup data. Your last line of data defense is a valid and up-to-date backup. There are numerous ways to lose data and it’s impossible to protect against all of them. But you can develop a comprehensive backup plan to be sure that your data is secure.
- Test recovery. While backup is necessary, what you really need is data recovery. You should test your recovery plans and verify that your files are accessible, your system image backups can start and your equipment is ready for various data breach scenarios.
- Fix vulnerabilities. As you find new vulnerabilities, fix them on day one.
- Use tools. Data security management is not a great area for implementing DIY solutions.
- Train your customers and employees. You should train your clients to protect themselves from the most typical attacks, and to use the solutions correctly. This will reduce the probability of their losing data as the result of a mistake.
Conclusion
Data security is one of the most important pillars in modern-day organizational security. You should create a thought-through, complex, yet usable policy. Revise and test it regularly to ensure that it remains in line with your company's processual and infrastructural changes. In this way, you will reduce the probability of an expensive or even devastating data loss.
Release of MSP360 Connect (Formerly Remote Desktop) for Android
We are pleased to announce the release of our Connect (Formerly Remote Desktop) for Android in Google Play.
The application is available absolutely free of charge. Be the first to try the newest addition to our MSP360 Connect product line-up. Continue reading
News You Might’ve Missed. 12 – 16 Apr
Compromised Microsoft Exchange Servers getting hacked by FBI; A second zero-day Chromium exploit code released on Twitter, and data of 1.3 million Clubhouse users exposed.
Let's see what it's all about. Continue reading
IT Security Audit: A Comprehensive Guide
Most IT professionals perform ongoing security monitoring of their environments to catch security problems as they arise. But what happens if your monitoring tools don't catch a threat or vulnerability? Or, what if there are underlying configuration problems in your IT environment that invite security breaches? Continue reading