Stop building more walls and locks, and start focusing on the data first
Most of the security and compliance tools that are prevalent in the MSP marketplace focus on addressing network and endpoint exploits. AV, EDR, VA, IPS, DPI, etc. all focus on exploits.
But exploits only cover half the story. After all – exploits are vector: the-way-in to the customer’s networks; but what concerns most customers are the business implications of an exploit being -ahem- exploited. And what determines the business implications isn’t the exploit used – but the type and amount of data affected by the exploit.
When you talk with your clients, of course you are going to follow the basics 1,2,3 but to really be a business partner to your customer you need 4 and 5:
- Check your access management policies
- Make sure your software is patched and up to date
- Monitor network and endpoint potential exploits
- Perform a data risk assessment: Where sensitive data lives, who is accessing it,
where is it coming from and where is it going to
- Communicate data risk to your customers and discuss remediation: Knowing your customers data, allows you to have the next level conversation about how secure and compliant their data and business practices are
Armed with the additional information in 4 and 5, MSPs can be more competitive, generate more revenues and overall forge deeper relationships with their customers. This also provides all the steps necessary steps to be data privacy compliant.
Actifile works with MSPs to provide data risk assessment, monitoring and remediation, across all data privacy regulations (HIPAA, PCI, NIFRA, CMMC-3) and all sensitive data types.