Understand The Times
Thanksgiving is just around the corner. This is a holiday of high-sales. Your MSP security solutions must be prepared for this influx of traffic. You want to automate security as much as possible, but even Amazon has Jeff Bezos. The point is, you’re going to have some human being somewhere in any organization; and they aren’t just a placeholder.
No machine can think critically. You’ve seen the AI-programmed robot recently granted citizenship by Saudi Arabia. It’s not some sci-fi android with a personality, is it? You can tell the machine behind the rubber mask is constantly going through subroutines and previously-designed responses. The conversation seems more real than ever, but it’s still got limitations. Despite mankind’s best efforts, machines still cannot think critically. This means the best automated security solutions are still going to have holes if you don’t properly manage them with human observation, cognizance, and decision-making skills. You’re going to have to exercise proper judgment for the best security.
This becomes doubly perplexing when you consider that often the worst threats to any security solution derive from the inside of a given company. Following are several bad habits that you need to avoid, using critical thought and human intervention over automation. These include:
- Proper network segmentation
- Defining which sites are safe for employees to access
- Administrators avoiding surfing the web from their administrator accounts
- Critical systems being used for critical purposes only
MSP security needs to identify areas where network use can be less controlled and those where it must be tautly managed. The reality is, if you really want requisite security, your network should only be used for business purposes. But the thing is, many employees at work may get bored during slow times and surf the web. You’re probably not going to be able to prevent this with rules, even if you fire employees that get caught. This is especially true in call-centers. You’ve got two options: totally restrict the web, or partition the network such that those surfing can’t compromise internal systems should they click the wrong thing at the wrong time. This is a wiser approach. Many jobs are totally thankless, and the only perk is web access. Cut that out and you’ll induce resentment while reducing productivity in employees. But properly segment things and you can both have your cake, and eat it, too.
Defining Which Sites Are Safe For Employee Access
You can always put up protections which bar out certain sites. Granted, there are proxy solutions which can be used by employees to overcome firewalls and the like, but defining that which can and cannot be accessed has some quotient of effectiveness.
Administrators Shouldn’t Surf the Web from Administrator Accounts
Administrators are a cut above the regular employee in terms of responsibility and company influence. But they’re likewise going to need web access in today’s super-fast, futuristic world. The way around this is, again, to segment the network in a way that some access points have total web access, and some don’t. Administrators should never be on the open web if they’re using internal company accounts. But they’re going to be tempted. Make it easy for them to access the web on a non-essential account, and train them on the necessity of retaining secure web-utilization practices when administrator accounts are in play.
Critical Systems Shouldn’t Be Used for Non-Critical Purposes like Social Media
Whenever you’ve got critical systems in play, they should not be used for non-critical purposes. Social media should never be accessed on a critical system. This can compromise your entire operation. Ensure that such protocols are strictly enforced throughout your business.
Securing Operations This Thanksgiving
MSP security will be stressed during the holidays. If you want to see the most sales and the least security issues, be sure to train not just lower-level employees, but higher-level executives. This is as true for your internal MSP operations as it is for the clients your MSP represents. Ensure systems are secured for yourself and your clients.