If you wanted to learn about and safeguard against all of the security issues facing your managed IT services business, you’d easily get sucked into a Google search results black hole. In other words, trying to digest the depth and breadth of existing security concerns is as daunting as it is impossible.

So how can you protect your customers and help them increase their own security with this ever-expanding threat landscape? Identify the main problem. I’ve got news for you. It’s sitting not two feet from your desk. Yes, the biggest threat to your clients’ security is your own employees.

Don't Believe Me?

In a recent research report, Infosecurity Europe found that:

26.2% of respondents believe that ignorance among end-users on the importance of protecting corporate data presents the principal challenge. [source] Tweet this stat!

Why? Wouldn’t employees, and especially those in IT, be the most likely to take care of your customer’s data? Ideally, yes. In reality, many people are careless, whether it’s leaving mobile devices with sensitive information unattended or passing around Post-its with login credentials. Just walk around your office, and look for sensitive materials out in the open. The state of employee security is alarming, but the answer is simple: educate.

58.9%, said they felt that information security wasn’t being incorporated into overall IT strategies to prevent future weaknesses being built into existing infrastructures. [source] Tweet this stat!

Do you have a training program in place?

Employee Security Agenda Items:

1. Password security

We covered this subject in great detail in an earlier post. Simply put, effective password management is a critical first step in protecting client data. No more Post-Its! Look into secure password managers to store these confidential credentials!

2. Update applications regularly 

Staying on top of the latest patches and fixes that the software creator has identified is another simple yet effective method to secure company information, both yours and that of customers! Create a regular cadence of checking for updates if they are not pushed out to you and your users.

3. Physical security of devices

When someone leaves his/her desk, make sure he/she either takes devices with them or at least locks them down. This lock down could take the form of physical lock down (locking devices with a desktop lock is one option)

4. Lock device screens

When leaving your desk unattended, lock your device's screen! A simple Ctrl+Alt+Delete does the trick for a PC, and Ctrl+Shift+Eject or Ctrl+Shift+Power works for a Mac. 

5. Educate customer employees on phishing scams 

Check out this blog post for the most popular ones to be aware of!  While the danger of clicking on suspicious links that ask for bank account information seems like a no-brainer, your staff and clients might not understand the difference between annoying spam and threatening scam. 

6. Provide anti-virus update services 

You might be surprised at how poorly many manage their own AV environment. Free up clients’ time and offer to perform these mundane tasks for them!

7. And while you’re at it, offer back up services! 

If you are not doing this already, your clients are at risk. Hope for the best, but plan for the worst. Do you know what to look for in your BDR vendor?

8. Firewall

Ensure Internet connection security, and maintain a secure web presence. Your customers will depend on your services to keep them safe and profitable. 


By the way, these lessons aren’t just applicable to your employees. Take them and educate your customers, themselves. You’re not just their IT techs. You’re their trusted advisors. These are just several suggestions to implement in order to better serve your clients. Can you think of any other examples of IT security bad behavior in the office? How do you correct it in your own MSP practice? Sound off below!