How to Break Bad IT Security Habits

Author: Continuum’s Meaghan Moraes

It seems like there’s always that one employee who’s not only careless when it comes to IT security, but also resistant to changing their habits—that inevitable hole in your systems that could easily crash your business. As an IT provider offering managed security, you have quite the undertaking: assuming responsibility for minimizing human error and strengthening your clients’ security posture. The question is, what does it take to break the bad security habits that have been embedded in countless SMBs?

The cadence of “good” security hygiene is daily. With a checklist of daily security guidelines that includes continuous cyber security education and threat monitoring, your clients will be in the best shape possible for dodging cyber attacks. Here are three key areas to home in on.

It All Starts with People

Over half of all data security breaches are caused by human error, so it’s vital that your staff—as well as your clients—are shown how to identify things like malicious email phishing attempts, and given best practices for smart and safe computing, like:

  • Using proper password etiquette
  • Not leaving your laptop unlocked while you’re away from your desk
  • Not downloading personal applications in place of corporate-approved apps
  • Ensuring user roles and permissions are properly managed
  • Deleting credentials when employees leave the place of work
  • Considering mobile device management for certain client environments

Increased investment in employee training can reduce the risk of a cyber attack by up to 70 percent, according to Wombat Security Technologies and the Aberdeen Group. Cyber security leader Webroot offers a number of comprehensive training courses that cover how SMBs can reduce cybersecurity risks, meet compliance requirements, save time and costs by eliminating the need to remediate infections and breaches, and become a strong first line of defense instead of an easy target.

Having a Process

To prevent breaches as best they can, businesses need to have a solid process. An incident response plan is a detailed document that helps organizations respond to and recover from potential—and, in some cases, inevitable—security incidents.

This plan should:

  • Align with organizational and sector goals
  • Consider legal/regulatory requirements and industry best practices
  • Reflect risk management priorities

Having this process in place will help ensure any situation is handled quickly, efficiently, and with minimal damage.

The Power of Technology

The last piece to having an effective security policy is the technology. Offering your clients an advanced security solution will allow you to identify, prioritize and mitigate gaps in coverage—ultimately managing risk on an ongoing basis.

For example, Continuum Security combines powerful software with a suite of SOC services to deliver both foundational security and highly advanced protections for SMB customers—including endpoint management, SIEM, advanced threat intelligence and the capabilities and reporting required to ensure compliance in modern business environments. This way, MSPs can deliver a complete, end-to-end cyber security offering without having to build and maintain in-house operations. With additional layers of security, users have the ability to roll back in a completely different way: immediately, proactively and effectively.

Bonus - Watch This: Learn how to effectively position your cyber security offering to SMB clients. In Continuum's recent webinar, marketing experts explain how you can gain client buy-in with compelling sales talking points and provide objection handling strategies you won't find elsewhere.

Meaghan Moraes is content marketing manager at Continuum.