As a Managed Service Provider, you are expected to juggle a lot of tasks. The foremost amongst them are on-boarding and ensuring security for your clients. We try to present the most crucial best practices in these areas to streamline your processes and ensure you manage your work efficiently.
This should be the very first step for any MSP while on-boarding a client. It helps provide clarity of the tasks ahead, right off the bat. Having those tasks listed accomplishes two things; One, it helps create a workable schedule for your agents and two, charts a path that gives visibility into the goals of your projects. It enables you to keep track of your progress and also course correct if there are any deviations from the original roadmap.
A project manager is the captain of your team, helping improve the overall communication with your clients and within the team They will also keep the team and the client apprised in case of any delay/disruptions in the project, and ensures any roadblocks to the project are immediately dealt with while the rest of the team moves forwards.
An assessment of the client’s operating environment is crucial to estimate the initial groundwork that needs to be done to kickstart your project. It also gives an idea of what kind of disruptions (operational or otherwise) to expect and means to tackle them. An initial assessment also tempers the expectations of the client when it comes to the on-boarding roadmap and expected timelines for project completion. Having said that, doing a quality assessment during the sales process itself is imperative.
Documenting information is crucial in the on-boarding process that most MSPs don’t pay enough attention to. When it comes to information, “the more, the merrier” should be your mantra. The information that is gathered during on-boarding, and your quality network assessment will act as a knowledge base. When making a first-call resolution, this will be immensely useful as you will be making informed decisions based on the available data.
As an MSP, you should have an on-boarding process in place before even touching base with the client. This includes templates you have prepared, checklists for the processes, and every other detail necessary. Having a complete on-boarding process reassures the client of your competency and work ethic. This helps in establishing an effective working relationship from the start.
MSPs have long been the victim of ransomware attacks. The chief reason for that is MSPs generally tend to have numerous clients in their portfolio. This provides a case of killing many stones with one bird for the attackers. Managed Service Provider also have direct access to their client’s servers, by design. These reasons make them prime targets for hackers.
As an MSP, security should be your top-most priority. It also affects your credibility and might have a huge financial cost as well. That is why you need a security best practices list to fall back on to ensure your operations are not disrupted.
IAM is one of the most vulnerable areas for an MSP. Identity management starts the moment a user is onboarded into your network. Having a central directory of your users could be a start. When the users are onboarded, it is important to adopt a privileged access management (PAM) policy to prevent nomads in the network. In addition to that, implementing Multi-Factor Authentication (MFA) across the board adds another layer of security to your servers. An important point area of concern is orphaned accounts. When a user leaves a team or gets assigned to a different team within your company, their accounts end up being inactive and are prime fodder for hackers. It is important to revoke permissions and offboard those accounts on a timely basis.
Monitoring your servers for lurkers and vulnerabilities can be easier if there is a strict protocol that is adopted. This starts with securing your endpoints viz. emails and web browsing. Enabling strict email authentication protocols and preventing users from inadvertently accessing malicious websites through filtering will serve you well in the long term. A reliable antivirus solution is also important for protecting your internal data as well as your client’s. Some MSPs go the extra mile by conducting regular third-party security audits.
This is a no-brainer, primarily since MSPs deal with confidential client data on a daily basis. The basic rule of thumb when backing up data is the ‘3-2-1 rule’. According to this rule, you should have at least three copies of your data, have them stored across at least two different storage media, and save a copy of your data offsite. The last rule takes into account the possibility that if your Remote Monitoring and Management (RMM) tool is compromised, hackers can also get access to your cloud backups. Always periodically set alerts for data backups and keep testing them for vulnerabilities.
Having a robust patch management practice not only helps you win clients but also serves to improve your internal security protocols. Your patch management strategy should include regular audits of known vulnerabilities in your network and the software suite your company uses. This means ensuring your software tools are up to date according to the vendor’s latest release and setting up alerts to ensure this is done proactively. Analyzing your log files could help identify the already existing weak points in your system and can be an effective tool in your security toolkit.
While following cybersecurity best practices is a sure way of preventing disruptions and securing data, it is always better to have a Plan B. The first step should be to clearly establish roles and responsibilities during an attack. The next important step is to have a plan to inform the necessary stakeholders. This is crucial and may also help you steer clear of legal issues. Appraise your team of this plan and also involve them in drafting the plan to ensure a coordinated response. Running a few practice drills on a periodic basis will help create a ‘war footing’ mentality come D-day.
Sorry, our deep-dive didn’t help. Please try a different search term.