MSP Blog Logo

BDR

Business Growth

Cybersecurity

Help Desk

MDM

RMM

Sales & Marketing

Subscribe


Empowering Your MSP Business to Grow and Prosper—One Post at a Time

The-Ultimate-Guide-to-Success-in-Managed-IT-Services


Featured Post

The Ultimate Guide to Success in Managed IT Services

What are the fundamentals to building a profitable managed IT services business? Keep reading to discover the four key ingredients for success.

Read Now

Understanding the Essential Eight: Multi-Factor Authentication and Daily Backups

Posted November 1, 2018by Elliot Seeto

Understanding the Essential Eight: Multi-Factor Authentication and Daily Backups

As we near the end of our series on understanding the Essential Eight, we’re leaving the easiest strategies for last—but they’re no less important in the grand scheme of security best practices. In this post, we’ll cover how to limit access to sensitive information with multi-factor authentication, as well as how to ensure easy recoverability with daily data backups.

If you missed our previous posts, you can catch-up on them here:

Why Clients Need Multi-Factor Authentication

Firstly, it’s extremely important to have good, safe password policies in place, but this should not be a substitute for multi-factor authentication (MFA). Most IT professionals have instilled good policies already—however, if you need more guidance on industry best practices and compliance, you should review the latest NIST Standards for more information. 

While you may already have good password policies in place today, the reason why MFA is so important comes down to human nature. I’m sorry to lump our whole species together, but humans are lazy by nature. This has not necessarily been a bad thing, though; our desire to do things quicker, easier, and more efficiently has spurned several millennia of innovation to improve our lives.

There are tactics you can use—such as minimum password length, mandatory character complexity, password expiration dates, etc.—to strengthen passwords, but this doesn’t necessarily make them more effective. People usually repeat passwords across all applications and make minor changes to them when they expire, i.e. Password#1, Password#2, Password#3, and so on. Sound familiar? This practice is more common than not, and I must admit, I have been guilty of doing this in the past before I became “woke.”

How Does Multi-Factor Authentication Fit into My Offering, and Why Should I Include It?

Taking into account the ‘human’ element, an MFA solution essentially mitigates this by providing an additional step to confirm access to secure, critical applications to avoid unauthorised access and potential data breaches. Sounds simple, right? It should be, but getting clients to change the way the work and access various tools can be the tricky part.

Clients may complain that those few extra seconds it takes for them to get in feels like the end of the world. Rather than giving in straight away, we—as the trusted advisors—should be driving awareness for our clients. This can be done through marketing campaigns, highlighting threats and the costs of a breach, and ongoing security awareness training through various methods. For example, running dummy phishing campaigns is important to help clients understand who is most at risk within their organisation. Through our partnership with Webroot, Continuum offers security awareness training, which is now widely considered to a requirement for foundational security practices.

Should Backup Be Considered a Security Standard? 

We can probably all agree that having proper backups, especially for critical services, is essential. However, there is an argument that backup is not considered security; that it’s more of an insurance policy. 

As Continuum CEO Michael George explained in his keynote at Navigate 2018, “calling BDR ‘data protection’ is like calling a sprinkler system ‘fire protection’—giving customers a false sense of security. But BDR is a necessity when security fails.”

Backup does not protect against data theft, and it doesn’t protect against hackers delivering a malicious payload and locking up your machines with ransomware. Backup is there when all else fails, and in the event of a catastrophic failure, it provides you with some peace of mind that you can recover. But the downtime can be costly. Loss of productivity, revenue, and data can be detrimental to the health of a business. Not to mention the stress that typically comes with it.

To provide a real-world scenario that we can all relate to, let’s use your car. Most people have some sort of insurance for your car. But just because you have insurance on your car does not mean you should leave it unlocked or drive it off a cliff. In many cases, not having a car for any period of time can make it harder on your life. And even worse, you may have to suffer the pain of having to navigate the public transport system!

The intention here is not to undermine the importance of backup as a standard business practice—it is an extremely critical component for any managed services offering—but to redefine the use of backup as a security function. Backup should be considered as a fail-safe, a last resort against absolute failure to ensure recoverability and business continuity.

So, What Should I Be Looking for in a Backup Solution?

Easy... Continuum BDR! Need I say more?

Only kidding. There are many great tools on the market today that cater to the MSP channel. From basic backups to full business continuity with disaster recovery capabilities. Some of the key areas you should be looking for are:

  • Flexible retention points
  • Local and offsite storage options (consider storage locations for regional compliance)
  • Security
  • Accessibility
  • Disaster recovery options (including DR tests)
  • Simplicity
  • Support capabilities

These are just some items to look at when making your decision. At the end of the day, cost and client needs may also be a factor. Some businesses (like trades and brick and mortar stores that don’t rely on a POS system) may be able to cope with an outage for a short period of time. But larger organisations may have critical systems that are necessary just to function as a business. These should be considered when providing your clients with an appropriate solution for their needs. Overselling can be an issue here, as it may lead to your customers questioning you as their trusted advisor. 

With Continuum BDR, we provide all the above. However, where we differ from other tools is the service we provide as part of our overall offering. Similar to our other solutions, we provide fully-managed NOC support, staffed 24x7 to support you and your clients. In turn, this allows you to save time and cost by reducing technician workloads on daily backup checks.
 

If you’d like to learn more about the power of Continuum BDR, view an on-demand demo.

 

Handpicked for you:

Download Incident Response Plan Guide

Elliot has been in the IT space for over 10 years. Having started out his career in a Support and Operational capacity, he quickly moved into Technical Sales focused roles. His ability to relate to his previous support experiences allow him a unique perspective to provide the right solutions and insight to his client base. As a Technical Account Manager with Continuum in APAC, he is focused on helping partners grow their business while promoting Continuum’s brand throughout the region.

RMM 101: Must-Haves for Your IT Management Solution
MSP Guide to Managed Services SLAs  [white paper]
comments powered by Disqus