MSPs Beware – Dropbox, Google Drive and other Cloud Storage Threats
A Managed Service Provider (MSP) has a lot to worry about within the information technology services they offer. Your clients probably store data that is critical to their continued success on your servers. If their network becomes breached, your network may become susceptible to risk and vice versa. Using cloud storage providers such as Dropbox, Google Drive and other Cloud Storage Threats may increase these chances because of the limited encryption options and the fact that IT will have limited control and usually no visibility.
Because of this, data security should always be at the forefront of your mind. Blocking cloud storage websites, implementing strong encryption protocols, and using multi-factor authentication logins are all a great start, but no matter how robust the software side of your data security is, it’s only as strong as your weakest link.
For all too many companies, the weakest link turns out to be employees.
If employees are not fully trained on all aspects of cyber security, and if they don’t understand and appreciate the pivotal role they play in keeping your clients’ data secure, then the future of the company is at risk.
At a minimum, your employees should be:
- Using strong passwords with symbols and numbers. Remember that ending your password with an exclamation point is expected, so don’t use it!
- Changing those passwords at least once a month.
- Resisting the temptation to use the same password or a variation of the same password across multiple systems or web properties.
- Using completely different passwords for work and personal use.
- Availing themselves of two-factor authentication protocols on third party systems at every opportunity.
- Avoiding 3rd party websites where data will be transferred on and off the company network.
As an MSP, you should also take the time to train all employees on such things as how to spot phishing and other common forms of attacks and execute phishing exercises. This is an ample time to implement training on how to use Google Drive and Dropbox properly as well, but another option is to block websites like these from employee use.
On the software side, at a minimum, you should ensure that all OS browsers, anti-virus and other software are up to date with all the latest security patches. Studies show that taking these simple steps will block about 85% of the attack vectors attempted against your client’s systems.
It’s likely that you’ve already invested in data encryption technology, but as an MSP, it’s especially critical for you to have a robust and secure backup system in place in the event that you or your client is breached, as this will allow you to recover quickly.
The bottom line is that there’s no “one” magic bullet where data security is concerned. It is a multi-pronged, multi-faceted project that’s never finished. If you want to succeed and maximize your own protection, and the protection that you offer to your clients, then your cyber security plan should be in a constant state of evolution as new attack vectors arise.
What are some steps you’ve taken to protect your clients? Tweet us at @ID_Agent and let us know!