Are MSPs a cyber security “risk” to small businesses?
Could MSPs be a cyber security “bridge” to small businesses?
Managed service providers (MSPs) offer a range of essential services to companies of all kinds and across hundreds of industries.
In the last decade, as the risk from cyber-attack has become more prominent for small and medium-sized businesses (SMBs), cyber security has become one of the more popular third-party services offered by MSPs.
On the face of it, MSP cyber security is a popular option; many small businesses have neither the expertise or resources to create and manage an effective cyber security network for their company, a gap MSPs can fill.
But MSPs themselves have now become a popular target for cyber attackers who, rather than spend time targeting businesses one-by-one, can use MSPs as a ‘bridge’ to target hundreds or thousands of small businesses at once.
Attacking the gate keepers
Really it should be no surprise that MSPs offer a tantalising target for cyber criminals. These third-party providers essentially hold the keys to the kingdom of hundreds, if not thousands of smaller companies, which regularly share sensitive data to enable MSPs to do their jobs.
If a cyber criminal can gain access to an MSP’s system – potentially a harder target than a small business – the pay-off will be much greater because it is not likely that the breach will be immediately detected (many breaches take months to identify) and the damage which can be done with unrestricted access to an MSP’s customers could be devastating.
Misconceptions of MSP cyber security
To make their service more attractive to customers, many MSPs offer cloud-based services, with the assumption that, because the data is stored in the cloud, it is secure. Not exactly.
Service providers must be proactive in ensuring the security of access to this data. For instance, any back-up files which are sent to the cloud could be intercepted in transit and – as businesses choose to store sensitive information like client data, usernames and passwords in the cloud – the pay-off for getting access to this information could be huge.
Deloitte, for example, fell victim when attackers obtained an administrator account, which only needed a single password, and gained access to the business.
A simple two-step authentication process could have helped prevent this.
A single security breach of this kind can have a long-lasting impact on the reputation and business stability of an MSP offering cyber security management. Even an attack which took place today could easily continue with ramifications for years if businesses are targeted later.
Not to mention that the fines in place under the General Data Protection Regulation (GDPR) are substantial enough to possibly put any MSP of cyber security services out of business.
The commercial case for MSP online encryption
The constant headlines about cyber attacks against businesses and MSPs means that any company now looking for an MSP cyber security service is now also looking for a partner which understands the problem and ‘practices what they preach’ when it comes to keeping customer data secure.
Much like any service is driven by the customer need and experience, online security and encryption is driven by the ability for small businesses and MSPs to deploy and manage online encryption effectively.
The problem many have had in the past is that current encryption software is either built for individual consumers – so can’t be scaled into a business – or for larger organisations and governments which are too complicated to be used within a small business environment.
Any MSP which is able to offer a dedicated small business VPN stands to not only gain from offering the service, but from the reputational boost that they are also protecting themselves against attack and not putting client data at risk with patchy security software.
Cyber attacks against the supply chain of a business are becoming more common in the modern “connected” environment and it is no longer enough that MSPs can overlook their own cyber security if they ensure the safety of their clients’ data.
While offering online encryption for SMB clients has become imperative for MSPs, the problem is that the existing solutions are difficult to manage and have not been designed for SMBs. Find out how Privatise Online Encryption solves that problem by downloading our latest eBook.